Articles, Contactless passwordless, Cyberculture, EviOTP NFC HSM Technology, EviPass NFC HSM technology, multi-factor authentication, Passwordless MFA

How to choose the best multi-factor authentication method for your online security

Posted on September 2, 2023May 5, 2024 by FMTAD

02
Sep

Multi-factor Authentication by Jacques Gascuel: This article will be updated with any new information on the topic.

Why use multi-factor authentication?

Passwords are not enough to protect your online accounts from cybercriminals. You need to use a more robust authentication method: multi-factor authentication. It combines several factors to verify your identity, such as passwordless MFA. In this article, you will discover what it is, how it works and how to choose it.

Shadowy hacker with a laptop in front of a digital map of Russia highlighted in red, symbolizing the origin of Kapeka Malware.

2024 Digital Security

Kapeka Malware: Comprehensive Analysis of the Russian Cyber Espionage Tool

April 18, 2024

A modern cybersecurity control center with a diverse team monitoring national cyber threats during the Andorra National Cyberattack Simulation.

2024 Cyberculture Digital Security News Training

Andorra National Cyberattack Simulation: A Global First in Cyber Defense

April 15, 2024

Illustration of an Apple MacBook with a highlighted M-series chip vulnerability, surrounded by symbols of data security breach and a global impact background.

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security

March 25, 2024

Digital world map with cybersecurity icons representing the Cybersecurity Breach at IMF.

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation

March 15, 2024

Digital world map showing cyberattack paths with Midnight Blizzard, Microsoft, HPE logos, email symbols, and password spray illustrations.

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?

March 10, 2024

PrintListener technology concept with NFC security solutions.

2024 Digital Security

PrintListener: How to Betray Fingerprints

February 22, 2024

A visual representation of BitLocker Security featuring a central lock icon surrounded by elements representing Microsoft, TPM, and Windows security settings.

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks

February 10, 2024

Digital shield by Freemindtronic repelling cyberattack against Microsoft Exchange

2024 Articles Digital Security News

How the attack against Microsoft Exchange on December 13, 2023 exposed thousands of email accounts

February 8, 2024

Everything you need to know about multi-factor authentication and its variants

Have you ever wondered how to protect your online accounts and data from hackers and cybercriminals? If so, you need to know about multi-factor authentication and its variants. Authentication is the process that verifies the identity of a user who wants to access a website, an application or a system. Authentication is essential to protect the security and privacy of data and online transactions. Without proper authentication, hackers and malicious actors can access sensitive information, steal identities, compromise accounts or commit fraud.

There are different authentication methods that can offer different levels of security and convenience for users. Some methods use only one factor, such as a password, to verify a user’s identity. This is called single-factor authentication (SFA). SFA is simple, fast and convenient, but also very insecure and unreliable. Other methods use two or more factors, such as a password and a code, to verify a user’s identity. This is called multi-factor authentication (MFA). MFA offers a high level of security because it makes it harder for attackers to obtain all the factors needed to access an account.

In this article, we will explain the main differences between six popular methods of authentication: single-factor authentication (SFA), multi-factor authentication (MFA), two-factor authentication (2FA), two-step verification (2SV), one-time passwords (OTP) and passwordless multi-factor authentication (Passwordless MFA). We will also introduce you to a new product that offers an innovative and eco-friendly solution for contactless multi-factor authentication: PassCypher NFC HSM. We will also discuss another method of authentication that allows users to access multiple applications or services with one login. This is called single sign-on (SSO). SSO can use different protocols, such as SAML, OAuth, or OpenID Connect, to verify the user’s identity and grant access.

According to a report by Microsoft, 99.9% of account compromise attacks can be blocked by using multi-factor authentication. Therefore, it is important to choose the best authentication method for your online security. In this article, we will help you understand the pros and cons of each method and how to choose the best one for your needs and preferences.

Why use multi-factor authentication?

You use passwords for your online accounts; but are they secure enough? Cybercriminals can steal, guess or hack them easily; you hear many news about it. You want to improve their protection and usage; you need to know more. You need to know the different methods of multi-factor authentication; up to the most robust one, like passwordless MFA. In this article, you will get answers and learn more.

How to evaluate the level of resistance to cyberattacks?

We use several criteria to evaluate the level of resistance to cyberattacks of an authentication method, such as:

The number and diversity of factors used: An attacker has a harder time getting all the factors if there are more of them. It is also better to combine factors of different natures (what you know, what you have, what you are); they are less vulnerable to the same types of attacks.
The complexity and variability of factors used: An attacker has a harder time guessing or reproducing the factors if they are more complex and variable. For example, a long and random password is more resistant than a short and simple one. Likewise, a one-time code is more resistant than a fixed one.
The security and reliability of communication channels used: An attacker has a harder time intercepting or altering the channels if they are more secure and reliable. For example, an encrypted connection is more secure than an unencrypted one. Likewise, a push notification is more reliable than an SMS.
The ease and speed of use for the user: Users are more likely to adopt the methods if they are easier and faster. A too complex or slow method can discourage users or make them bypass security. For example, facial recognition is easier and faster than a USB key.

We give a score out of 10 to each authentication method based on these criteria; we consider the pros and cons of each factor and channel. This score reflects the level of resistance to cyberattacks of the method; its ability to prevent or reduce the impact of an attack.

What are the differences between MFA, 2FA, 2SV, SFA, SSO, OTP and Passwordless MFA?

MFA, 2FA, 2SV, Passwordless MFA, OTP and SFA are all types of authentication methods that require users to provide one or more pieces of evidence (or factors) to prove their identity. However, they have distinct differences in terms of how they work and how secure they are. Here is a summary of each one:

Multi-Factor Authentication (MFA)

MFA is a security enhancement that requires users to submit two or more pieces of evidence (factors) to access a system. These factors can belong to different categories, such as:

Knowledge: something that the user knows, such as a password, a PIN or an answer to a secret question.
Possession: something that the user has, such as a smartphone, a smart card or a hardware token.
Inherence: something that the user is, such as a fingerprint, a retina scan or a facial recognition.

MFA offers a high level of security because it makes it harder for attackers to obtain all the factors needed to access an account. Even if one factor is compromised, such as a password, the other factors can still prevent unauthorized access.

Level of resistance to cyber attacks: 8/10

Two-Factor Authentication (2FA)

2FA is a type of MFA; it uses two distinct factors of authentication. These factors must belong to two different categories; such as knowledge and possession. For example, you can log in to an account; with your username and password (knowledge). Then you receive a notification on your smartphone (possession); to approve the login.

2FA offers an intermediate level of security between single-factor authentication by password only and MFA by adding an extra layer of protection against unauthorized access attempts. However, it can be less secure than 2FA; if it uses factors that belong to the same category; such as knowledge.

Indeed, if an attacker manages to obtain the password and the additional code; they can access the account without any problem.

Level of resistance to cyber attacks: 6/10

Two-Step Verification (2SV)

2SV is a type of MFA that requires two sequential steps of verification using authentication factors. These steps can belong to the same category, such as knowledge. For example, Google uses 2SV for its accounts. To log in, the user enters their username and password (knowledge), then they enter an additional code that they receive by SMS or email (knowledge).

2SV offers an intermediate level of security between single-factor authentication by password only and 2FA by adding an extra layer of protection against unauthorized access attempts. However, it can be less secure than 2FA if it uses factors that belong to the same category, such as knowledge.

Indeed, if an attacker manages to obtain the password and the additional code, they can access the account without any problem.

Level of resistance to cyber attacks: 4/10

Single-Factor Authentication (SFA)

Single-Factor Authentication (SFA) is a security method that uses only one factor to verify a user’s identity. A factor is something that the user knows, has, or is. For example:

One piece of evidence (factor) verifies a user’s identity with SFA.
The factor can be something the user knows (password, PIN, secret question), has (smartphone, smart card, hardware token), or is (fingerprint, retina scan, facial recognition).
SFA has some benefits but also many drawbacks. It is simple, fast and convenient, but also insecure, unreliable and non-compliant.
Many cyberattacks expose users to SFA, such as phishing, keylogging, brute force or credential stuffing.
Attackers can easily obtain the factor and access the account without the user’s consent.
If the factor is compromised (e.g., password), the account is vulnerable to unauthorized access.
SFA does not meet the security standards or regulations of some industries or organizations (e.g., banks, government agencies).

SFA offers a low level of security because it makes it easy for attackers to obtain the factor needed to access an account. If the factor is compromised, such as a password, the user’s account is vulnerable to unauthorized access.

Level of resistance to cyber attacks: 2/10

Single Sign-On (SSO) and Multi-Factor Authentication (MFA)

Single Sign-On (SSO) is a security method that allows users to access multiple applications or services with one login. The user only needs to enter their username and password once, and the SSO service authenticates them for all the connected applications. SSO can use different protocols, such as SAML, OAuth, or OpenID Connect, to verify the user’s identity and grant access. SSO has some advantages and disadvantages that you should consider before choosing it as your authentication method.

Pros of SSO
- Reduced password fatigue: Users only need to remember one password instead of many. This makes it easier to create strong and unique passwords for each application.
- Simplified user and password management: IT admins can control the access rights of users from a central place. They can also revoke or change the passwords of users who leave the organization or lose their devices.
- Improved identity protection: SSO can use additional security measures, such as multi-factor authentication (MFA), to enhance the verification process. MFA is a type of authentication that requires two or more factors to verify a user’s identity. These factors can be something that the user knows, has, or is, such as a password, a smartphone, or a fingerprint. MFA offers a higher level of security than single-factor authentication (SFA), which only requires one factor, such as a password.
Cons of SSO
- Limited user control: Users cannot choose which applications are included in the SSO service. They may also have difficulty logging out of all the applications at once.
- Incompatible apps: Some applications may not support the SSO protocols or require additional configuration to work with the SSO service. This may limit the number of applications that users can access with one login.
- Unpredictable costs and time: Implementing and maintaining an SSO service may be costly or complex for some organizations. They may need to buy or develop software, pay for subscription fees, train users or staff, or comply with regulations.

SSO has some benefits but also some drawbacks that you should consider before choosing it as your authentication method. You should weigh the pros and cons of SSO and compare them with your security goals and resources.

Level of resistance to cyber attacks: 7/10

Passwordless Multi-Factor Authentication (Passwordless MFA)

Passwordless MFA is a term used to describe an authentication method; that does not require a password; and that uses multiple factors. For example, you can log in to an account; using your fingerprint (inherence) and a code generated by your smartphone (possession); without having to enter your username or password.

Passwordless MFA offers the highest level of security; when implemented correctly; because it eliminates the risk of password theft or leakage. It also improves convenience and user experience; because it does not require memorization or input of passwords.

Level of resistance to cyber attacks: 10/10

One-Time Passwords (OTP)

OTP are random and temporary codes; that are used as additional factors of authentication. There are two main types of OTP: Time-based One-Time Password (TOTP) and HMAC-based One-Time Password (HOTP).

Time-based One-Time Password (TOTP)

TOTP is a type of OTP that is generated based on time; it uses a secret key shared between the server and the client; as well as a counter based on the client’s clock. The server and the client calculate the same code; using the same key and the same counter. The code is valid for a short period, usually 30 seconds.

TOTP offers a high level of security because it prevents the reuse of codes. Even if an attacker intercepts a code, they will not be able to use it after its expiration.

Level of resistance to cyber attacks: 7/10

HMAC-based One-Time Password (HOTP)

HOTP is a type of OTP that is generated based on an incremental counter. It uses a secret key shared between the server and the client, as well as a counter that increments every time a code is generated or validated. The server and the client calculate the same code using the same key and the same counter. The code does not have a fixed validity period, but it must be used in order.

HOTP offers an intermediate level of security because it requires synchronization between the server and the client. If the client’s counter is offset from the server’s counter, there may be authentication errors. Moreover, if an attacker manages to obtain the secret key or the counter, they can generate valid codes.

Level of resistance to cyber attacks: 5/10

Statistics on MFA, 2FA, 2SV, SFA, OTP (TOTP and HOTP), Passwordless MFA and SSO

To illustrate the importance and popularity of multi-factor authentication methods, here are some statistics from various sources:

According to the 2021 Duo Trusted Access Report, the total number of MFA authentications increased by 39% over the past year, while biometric authentications saw an even faster growth, with a 48% increase.
The report also indicates that Duo Push is the most popular authentication method, accounting for 30% of the total authentications, followed by SMS (25%) and phone calls (19%).
Among customers using location policies, 74% block Russia and China, which are the most frequently blocked countries in authentication apps.
In 2020, Duo Security conducted a survey of over 4,000 people in the US and UK on their experience and perception of 2FA. The survey revealed that 79% of respondents had used 2FA in 2020, up from 53% in 2019 and 28% in 2017.
The survey also showed that SMS (85%) continues to be the second most common factor that respondents with 2FA experience have used, slightly up from 2019 (72%). Email is the second most common factor (74%), with a notable increase from 2019 (57%).
According to a report by Okta, an identity and access management company, SSO adoption increased by 68% between February and April 2020, as more organizations shifted to remote work due to the COVID-19 pandemic.
The report also found that SSO usage was highest among education (60%), technology (58%), and non-profit (49%) sectors. The most popular SSO protocols were SAML (54%), OAuth (24%), and OpenID Connect (22%).

These statistics show that multi-factor authentication methods are more effective and popular than single-factor authentication methods. They provide higher levels of security and reliability for users and organizations. However, they also reveal that there is still room for improvement and awareness in terms of online security. Many users and companies do not use multi-factor authentication or use weak factors that can be compromised. Therefore, it is important to educate and encourage users and companies to adopt multi-factor authentication methods that suit their needs and preferences.

Discover PassCypher NFC HSM: an innovative solution for contactless multi-factor authentication

You now have a better understanding of the different methods of multi-factor authentication and their pros and cons. You may have noticed that some methods have weaknesses, such as vulnerability to cyber attacks, dependency on network or battery availability, or complexity of managing passwords.

Fortunately, there is a solution that combines security, convenience and ecology to protect your data and online transactions. We introduce you to PassCypher NFC HSM, a product developed by Freemindtronic that allows you to store and manage passwords, one-time passwords (OTP) and HMAC-based passwords (HOTP) in a wireless and battery-free device. It uses EviOTP technology, which is a patented solution by Freemindtronic to generate OTP without internet connection or power supply. It works with NFC-compatible Android smartphones and computers equipped with a Chromium or Firefox web browser.

The benefits of PassCypher NFC HSM

Some of the benefits of PassCypher NFC HSM over traditional multi-factor authentication solutions are:

Higher resistance to cyber attacks: It uses a NFC HSM device that stores the secrets in an encrypted way. It also verifies the validity of the device used, its pairing key, its unique anti-counterfeiting key, and the validation of the Authenticator Sandbox. It does this with auto verification of fraudulent URLs.
Greater convenience: It does not require network or battery. You just need to scan the PassCypher NFC HSM device with your smartphone. This will automatically fill in the login fields on your computer or display the OTP code. The OTP code corresponds to the online service.
Better eco-friendliness: It reduces energy consumption and CO2 emissions. It uses a wireless and battery-free device. It works with EviOTP technology, which generates OTP without network or battery. You can scan them with your smartphone to access your accounts.
More customization: It allows the user to freely define the authentication factors that they want to use. They can add cumulative factors such as the UID of the NFC Android phone, a BSSID or an authorized geofence. They can also add additional factors that involve their intervention. For example, a biometric criterion or a segmented key via a QR code or a hexadecimal barcode.

The features of PassCypher NFC HSM

PassCypher NFC HSM offers several features that facilitate the management and use of passwords and OTP. Here are some of these features:

It allows you to automatically fill in the identifiers and passwords of 2SV methods, such as Google or Facebook, using a browser extension. You just need to scan the PassCypher NFC HSM device with your smartphone to automatically fill in the login fields on your computer.
It manages TOTP, such as those used by GitHub or Dropbox, using a dedicated application on your smartphone. You just need to scan the PassCypher NFC HSM device with your smartphone to display the TOTP code corresponding to the online service. For this, you must have previously saved the OTP codes via the QR Code generated from the site that authorizes 2FA via TOTP or HOTP.
It has an advanced configurable passwordless MFA function patented using physical origin segmented key authentication defined freely by the user. It can add them cumulatively for each secret stored in the NFC HSM of segments that can be UID of the NFC Android phone, a BSSID or an authorized geofence. It can also add additional factors that involve their intervention, such as a biometric criterion or a segmented key via a QR code or a hexadecimal barcode. You just need to scan the PassCypher NFC HSM device with your smartphone to access your account without entering any username or password.
It allows you to save and restore contactlessly, in real time in volatile memory of the phone or computer, without needing a server, database, without needing to create an account and anonymously and encrypted end-to-end from the NFC HSM. It works on the NFC Android phone and on computer via an extension only on the local network encrypted end-to-end from the NFC HSM. You just need to pass the PassCypher NFC HSM under your smartphone’s antenna to auto-connect to the cloud service via the passwordless MFA process.
It allows you to share secrets stored in NFC HSM by various means with other authorized users with trust criteria who also have a PassCypher NFC HSM. Sharing can be done in presence of the recipient who scans a QR Code of the secret shared via coded QR Code. It can share nearby by bluetooth file sharing. It can also share remotely via all means of communication existing in their phone including SMS or RCS using a 4096-bit RSA public key that the recipient has freely generated in their NFC HSM that they regenerate at will. It can also share it contactlessly via Android Beam NFC technology.

Conclusion

In this article, we have discussed how to choose the best multi-factor authentication method for your online security. We have also compared some of the most popular and innovative solutions available in the market. Multi-factor authentication is a vital component of online security that protects your data and transactions from unauthorized access. However, not all methods are suitable for all situations and needs. Therefore, you should consider several factors when choosing an authentication method, such as:

The type and sensitivity of the data or transactions that you want to protect. Some data or transactions are more valuable or confidential than others. For example, your bank account or medical records require more protection than your social media account or online shopping.
The availability and reliability of the network or battery for your devices. Some methods depend on the network or battery to work. For example, you cannot use SMS or email if you have no internet connection or phone signal. Likewise, you cannot use a USB key or a smart card if your device has no power or port.
The ease and frequency of use and management of the authentication factors. Some methods are easier and faster to use and manage than others. For example, facial recognition or fingerprint scanning are more convenient than typing a password or entering a code. However, you may also need to change or update your factors regularly to maintain their security.
The compatibility and interoperability of the authentication method with your devices and platforms. Some methods work only with specific devices or platforms. For example, you cannot use an Apple Watch or a Google Authenticator app if you have an Android phone or a Windows computer. Likewise, you cannot use a biometric scanner if your device does not have one.
The cost and benefit of implementing and maintaining the authentication method. Some methods are more expensive or complex to implement and maintain than others. For example, you may need to buy additional hardware or software, pay for subscription fees, train users or staff, or comply with regulations.

These factors can help you decide which authentication method suits your needs and preferences best. You should weigh the pros and cons of each method and compare them with your security goals and resources.

Comparison of popular authentication methods

We have explained the main differences between five popular methods of multi-factor authentication: multi-factor authentication (MFA), two-factor authentication (2FA), two-step verification (2SV), passwordless multi-factor authentication (Passwordless MFA) and one-time passwords (OTP). Each method has its own advantages and disadvantages depending on the context and implementation. We have also introduced you to a new product that offers an innovative and eco-friendly solution for contactless multi-factor authentication: PassCypher NFC HSM.

PassCypher NFC HSM offers several benefits over traditional multi-factor authentication solutions, such as SMS or email

Freemindtronic designed, developed and manufactured PassCypher NFC HSM. This product lets you store and manage passwords, keys, OTP and HOTP. It uses a wireless, battery-free NFC HSM device. It works for life without maintenance. It also incorporates several EviPass technologies. EviCore NFC HSM and EviOTP technology are patented by Freemindtronic. With these technologies, you can manage, store, share, encrypt and generate OTP code securely. You can do this contactlessly from NFC devices. It does not need an Internet connection, a server, a database or a power supply. It works contactless with NFC-compatible Android smartphones.

PassCypher NFC HSM also offers several features that facilitate the management and use of passwords, such as:

Password generator: It can generate strong and random passwords for any website or application.

Password manager: It can store and retrieve your passwords securely and conveniently.
OTP generator: It can generate OTP based on time (TOTP) or counter (HOTP) for any website or application that supports them.
HOTP generator: It can generate HOTP based on HMAC algorithm for any website or application that supports them.
QR code scanner: It can scan QR codes that contain OTP information and generate the corresponding OTP.
Web extension: This is a feature that can integrate with your web browser. It can automatically fill in your complicated and complex usernames and passwords in MFA Passwordless. It does this for any website you visit.

One of the features of PassCypher NFC HSM is that it can store and manage SSO credentials and passwords for automatic login in passwordless MFA. This means that you can use PassCypher NFC HSM to access multiple applications or services with one tap, without entering any password. This increases the level of security of the authentication by SSO, as it eliminates the risk of password theft or compromise. Similarly, PassCypher NFC HSM can also store and manage SFA credentials and passwords for automatic login in passwordless MFA. This means that you can use PassCypher NFC HSM to access any website or system with one tap, without entering any password. This increases the level of security of the authentication by SFA, as it reduces the password fatigue and reuse.

PassCypher NFC HSM is a powerful and innovative product that enhances your online security and convenience. It is compatible with any type of authentication method, such as MFA, 2FA, 2SV, Passwordless MFA or SFA. It is also easy to use and eco-friendly.

If you are interested in trying out PassCypher NFC HSM, you can order it from our [website] or download our [web extension] for free. If you have any questions or feedback, please feel free to [contact us]. We would love to hear from you.

2023, Articles, Cyberculture, EviCore HSM OpenPGP Technology, EviCore NFC HSM Browser Extension, EviCore NFC HSM Technology, Legal information, Licences Freemindtronic

Unitary patent system: why some EU countries are not on board

Posted on August 1, 2023March 15, 2024 by FMTAD

01
Aug

Unitary patent system by Jacques Gascuel: This article will be updated with any new information on the topic.

Why some EU countries don’t want the unitary patent

The unitary patent system promises to simplify and unify patent protection in Europe. But not all EU countries are on board. Discover why some countries like Spain have opted out and what it means for inventors.

2024 Cyberculture Digital Security News Training

Andorra National Cyberattack Simulation: A Global First in Cyber Defense

April 15, 2024

2024 Crypto Currency Cryptocurrency Cyberculture Legal information

EU Sanctions Cryptocurrency Regulation: A Comprehensive Overview

March 15, 2024

2024 Cyberculture Uncategorized

Chinese cyber espionage: a data leak reveals the secrets of their hackers

March 2, 2024

2024 Cyberculture

Cyber Resilience Act: a European regulation to strengthen the cybersecurity of digital products

February 24, 2024

ECHR landmark ruling in favor of encrypted messaging, featuring EviCypher NFC HSM technology by Freemindtronic.

2024 Cyberculture Legal information

Encrypted messaging: ECHR says no to states that want to spy on them

February 21, 2024

Digital image showing a confused user at a computer surrounded by complex password symbols

2024 Articles Cyberculture EviPass Password

Human Limitations in Strong Passwords Creation

January 22, 2024

2023 Articles Cyberculture EviCypher NFC HSM News Technologies

Telegram and the Information War in Ukraine

January 5, 2024

2023 Articles CyberStealth legal Legal information News Spying

The American Intelligence: How It Works

December 26, 2023

Why some EU countries are not on board

What is the unitary patent?

The unitary patent is a new scheme that allows inventors and innovative companies to protect their inventions in 17 EU member states by filing a single request to the European Patent Office (EPO) ¹. It is an alternative option to the classical European patent, which requires individual validation and maintenance in each country where the patent holder wants to benefit from protection ¹. The unitary patent entered into force on 1 June 2023, after the ratification of the Agreement on a Unified Patent Court (UPC Agreement) by 17 states participating in enhanced cooperation ². It is expected that more EU states will join this scheme in the future ¹.

The unitary patent is based on the European patent granted by the EPO under the rules of the European Patent Convention (EPC), so nothing changes in the pre-grant phase and the same high standards of quality search and examination apply. After a European patent is granted, the patent holder can request unitary effect, thereby obtaining a European patent with unitary effect (unitary patent) that provides uniform protection in initially 17 EU member states.

What is the current status of the unitary patent?

The unitary patent system is a new scheme that allows inventors and innovative companies to protect their inventions in 17 EU member states by filing a single request to the European Patent Office (EPO) . It is an alternative option to the classical European patent, which requires individual validation and maintenance in each country where the patent holder wants to benefit from protection . The unitary patent is expected to start in early 2023, after the ratification of the Agreement on a Unified Patent Court (UPC Agreement) by 17 states participating in enhanced cooperation . It is expected that more EU states will join this scheme in the future.

The UPC Agreement

The UPC Agreement is an international treaty that establishes the Unified Patent Court (UPC), a supranational specialised court that will have exclusive jurisdiction to settle disputes relating to unitary patents and European patents . The UPC Agreement was signed by 25 EU member states in 2013, but it requires the ratification by at least 13 states, including France, Germany and Italy, to enter into force.

As of June 2021, 16 states have ratified the UPC Agreement, including France and Italy . Germany has also ratified the UPC Agreement in December 2020, but its ratification is pending before the German Constitutional Court, which has received two constitutional complaints against it . The German government has expressed its intention to deposit its instrument of ratification as soon as possible after the resolution of these complaints . The UK, which was initially one of the mandatory ratifying states, has withdrawn from the unitary patent system after leaving the EU in 2020.

The main obstacle and challenges

The main remaining obstacle for the implementation of the unitary patent system is therefore the outcome of the German constitutional complaints. If they are dismissed or overcome, Germany could deposit its instrument of ratification and trigger the entry into force of the UPC Agreement within three months . However, if they are upheld or delayed, Germany could be prevented from joining the unitary patent or cause further uncertainties and complications for its launch.

Other challenges for the implementation of the unitary patentinclude the practical and logistical arrangements for the operation of the Unified Patent Court, such as the recruitment and training of judges, the establishment of IT systems and facilities, and the adoption of procedural rules and guidelines . Moreover, some legal and political issues may arise from the withdrawal of the UK from the unitary patent, such as the impact on the linguistic regime of the unitary patent, the distribution of the workload and the cases among the different divisions of the Unified Patent Court, and the compatibility of the UPC Agreement with EU law.

What are the advantages?

The unitary patent system offers several advantages for inventors and innovative companies who want to protect their innovations in the EU. Among these advantages, we can mention:

The simplification of the procedure: the patent holder no longer needs to carry out complex and costly procedures with national offices to validate their European patent in each country ¹.
They only need to request unitary effect from the EPO, which is their single interlocutor ² .
The reduction of costs: the patent holder no longer has to pay validation fees, translation fees, representation fees or annual national fees to keep their patent in force in the countries covered by the unitary patent ¹.
They only pay a single annual fee to the EPO, which is calculated according to a progressive scale ³.
The legal certainty: the patent holder benefits from a uniform protection in all countries where the unitary patent takes effect, without risk of fragmentation or divergence between national rights ¹.
They can also enforce their rights before a supranational specialised court, the Unified Patent Court (UPC), which has exclusive jurisdiction to settle disputes relating to infringement and validity of unitary patents.

How does the unitary patent compare with other patent systems?

The unitary patent system is not the only option for obtaining patent protection in multiple countries. There are other regional or international patent systems that offer different advantages and disadvantages for inventors and innovative companies. Here are some examples:

The European Patent Convention (EPC)

The EPC is an international treaty that allows applicants to file a single application at the European Patent Office (EPO) and obtain a European patent that can be validated in up to 38 contracting states . The EPC is not affected by the unitary patent system and will continue to operate in parallel with it. The EPC offers more flexibility than the unitary patent, as applicants can choose which countries they want to validate their European patent in. However, it also involves more costs and formalities than the unitary patent, as applicants have to pay validation fees, translation fees and annual national fees in each country where they want to maintain their European patent.

The Patent Cooperation Treaty (PCT)

The PCT is an international treaty that allows applicants to file a single international application at a national or regional office and obtain an international search report and a preliminary examination report on their invention . The PCT does not grant patents directly, but facilitates the entry into national or regional phases in up to 153 contracting states . The PCT offers more time than the unitary patent system, as applicants can delay their decision on which countries they want to pursue their patent protection in for up to 30 or 31 months from the priority date . However, it also involves more complexity than the unitary patent, as applicants have to comply with different requirements and procedures in each country where they enter the national or regional phase.

The Eurasian Patent Convention (EAPC)

The EAPC is an international treaty that allows applicants to file a single application at the Eurasian Patent Office (EAPO) and obtain a Eurasian patent that can be validated in up to 8 contracting states . The EAPC is not related to the unitary patent system and operates independently from it. The EAPC offers more simplicity than the unitary patent, as applicants do not have to pay any validation fees or translation fees in the countries where they want to validate their Eurasian patent . However, it also involves more risk than the unitary paten system, as applicants cannot opt out of the jurisdiction of the Eurasian Court of Patent Disputes, which can invalidate their Eurasian patent in all contracting states.

How Freemindtronic’s international patents are related to the unitary patent

Freemindtronic is an Andorran company that creates innovative solutions for security, cyber-security and counter-espionage, using contactless technology (NFC). We have several inventions that are protected by international patents in the fields of embedded systems, access control and segmented key authentication. For example, our patented technologies EviCore NFC HSM, which manage encryption keys in an NFC HSM device, EviCore HSM OpenPGP, which manage encryption keys in a security element of phones, EviVault NFC HSM Cold Wallet operating without contact, EviKey NFC a contactless secured USB key and the technology EviCypher NFC HSM which encrypts all types of data. These technologies implement our patents and especially the one based on the segmented key authentication system. The latter received the gold medal of international inventions of Geneva 2021.

Our patent options

Our patents are based on the European patent granted by the European Patent Office (EPO) under the rules of the European Patent Convention (EPC). Therefore, we could benefit from the unitary patent system, which is a new scheme that allows inventors and innovative companies to protect their inventions in 17 EU member states by filing a single request to the EPO. However, we would also have to consider the disadvantages and risks of the unitary patent, such as the risk of total invalidation, the lack of flexibility and the exclusion of some countries. Moreover, we would have to deal with the legal issues of the unitary patent for non-participating countries, such as cross-border infringement cases and jurisdictional conflicts.

Our patent strategy

We have opted for the unitary patent only for our segmented key authentication system, and we have added some non-participating countries to our other European patents. The reasons behind this choice are related to our market strategy, our innovation potential and our risk assessment. For instance, we have decided to use the unitary patent for our segmented key authentication system because we consider it as our core invention and we want to protect it in a uniform and effective way in most EU countries. On the other hand, we have decided to add some non-participating countries to our other European patents because we want to preserve our flexibility and avoid possible invalidation challenges in those countries.

Conclusion

Our international patents are relevant examples of how the unitary patent system can affect inventors and innovative companies in Europe, both positively and negatively. They illustrate the opportunities and challenges that the unitary patent poses for innovation and competitiveness in the EU.

How can legal issues of the unitary patent for non-participating countries be resolved?

The legal issues of the unitary patent system for non-participating countries are complex and not yet fully resolved. One of the main questions is how to deal with cross-border infringement cases involving unitary patents and national patents. For instance, if an inventor from a non-participating country, such as Spain, wants to enforce his rights on his classic European patent in a participating country, such as France, where a unitary patent holder claims to infringe his patent, which law should he consider? Well, the question is not easy to answer, because he will have to take into account many international standards. In the end, this very important aspect will be “subjected” to a very complex situation that will necessarily be defined with the successive application of the law.

Another question is how to ensure a fair balance between the rights and obligations of unitary patent holders and national patent holders in non-participating countries. For example, if a unitary patent holder wants to enforce their rights in a non-participating country, such as Poland, where a national patent holder is allegedly infringing their patent, which court should they go to? Well, the answer is not clear, as it will depend on the interpretation and application of various international agreements. In principle, the unitary patent holder should go to the national court of Poland, but they may face some difficulties or disadvantages in comparison with the national patent holder, such as higher costs, longer procedures or different standards of proof.

One possible way to resolve these legal issues is to harmonise the rules and practices of the unitary patent and the national patent systems in Europe. This could be achieved by adopting common standards and guidelines for patent examination, grant, validity and enforcement, as well as by establishing mechanisms for cooperation and coordination between the UPC and the national courts. Another possible way is to extend the scope and coverage of the unitary patent and the UPC to all EU member states and other EPC contracting states. This could be achieved by encouraging and facilitating their participation in the enhanced cooperation and ratification of the UPC Agreement.

However, these solutions may face some practical and political challenges, such as the lack of consensus or willingness among the different stakeholders, the respect for national sovereignty and diversity, or the compatibility with EU law and international obligations. Therefore, it is important that the unitary patent and its legal implications are carefully monitored and evaluated, and that its benefits and drawbacks are balanced and communicated to all parties involved.

What are the disadvantages?

The unitary patent system is not without disadvantages for some actors in the patent market. Among these disadvantages, we can mention:

The risk of total invalidation: the patent holder faces the possibility that their patent will be cancelled in all countries where it takes effect, if the UPC finds that it does not meet the requirements of patentability. They do not have the possibility to limit or amend their patent to avoid this fatal outcome.
The lack of flexibility: the patent holder cannot choose the countries where they want to protect their invention, nor renounce their patent in some countries to avoid paying fees or to circumvent legal obstacles. They must accept or refuse unitary effect as a whole.
The exclusion of some countries: the patent holder cannot benefit from protection in all EU member states, since some countries have decided not to participate in the unitary patent or have not yet ratified the UPC Agreement ¹.
This is notably the case of Spain, which is one of the few EU countries that does not intend to be part of the unitary patent

What are the best practices or strategies for using or avoiding the unitary patent?

The unitary patent system offers a new opportunity for inventors and innovative companies who want to protect their inventions in Europe. However, it also poses some challenges and risks that need to be carefully considered. Depending on their needs and goals, they may decide to use or avoid the unitary patent, or to combine it with other patent systems. Here are some factors to consider when making this decision:

The scope of protection

The unitary patent system provides a uniform protection in 17 EU member states, which may cover a large part of the European market. However, it does not cover all EU member states, nor non-EU countries that are part of the EPC or the PCT. Therefore, inventors and innovative companies should assess whether the unitary patent covers their target markets, or whether they need to seek additional protection in other countries.

The cost of protection

The unitary patent reduces the cost of protection in Europe, as it eliminates the need to pay validation fees, translation fees and annual national fees in each country where the unitary patent takes effect. However, it also introduces a single annual fee for the unitary patent, which is calculated according to a progressive scale . Therefore, inventors and innovative companies should compare the cost of the unitary patent with the cost of other patent systems, and consider whether they need protection in all countries covered by the unitary patent, or whether they can save money by choosing a smaller number of countries.

The risk of invalidation

The unitary patent increases the risk of invalidation in Europe, as it exposes the unitary patent to a single challenge before the UPC, which can invalidate it in all countries where it takes effect. Moreover, the UPC is a new court that may have some uncertainties and inconsistencies in its interpretation and application of the law. Therefore, inventors and innovative companies should evaluate the strength and validity of their inventions, and consider whether they want to avoid this risk by opting out of the UPC for their European patents, or by using other patent systems that allow them to limit or amend their patents in case of invalidation challenges.

The enforcement of rights

The unitary patent facilitates the enforcement of rights in Europe, as it allows the holders of unitary patents to sue infringers before the UPC, which can grant pan-European injunctions and damages. However, it also exposes them to counterclaims for invalidity before the UPC, which can invalidate their unitary patents in all countries where they take effect. Therefore, inventors and innovative companies should assess the likelihood and impact of infringement and invalidity actions, and consider whether they want to benefit from this facilitation by opting in to the UPC for their European patents, or whether they want to retain more control over their litigation strategy by using national courts or other patent systems.

Why do some EU countries not want to join the unitary patent

The reasons for some EU countries’ exclusion from the unitary patent are diverse. Spain, for example, considers that the linguistic regime of the unitary patent, which relies on the three official languages of the EPO (English, French and German), is discriminatory and harms its economic and cultural interests. It believes that Spanish, which is the second most spoken native language in the world, should be recognised as an official language of the unitary patent, or at least, that the holders of unitary patents should be required to provide a full translation in Spanish of their patents. It also fears that the unitary patent will strengthen the dominant position of the English-speaking and German-speaking countries in the field of innovation and will reduce the development opportunities of Spanish companies.

Croatia, on the other hand, has not joined enhanced cooperation for setting up the unitary patent, because it joined the EU after the launch of this initiative. However, it has expressed its interest in joining the unitary patent in the future.

Poland and the Czech Republic have participated in enhanced cooperation, but have not signed or ratified the UPC Agreement, which is a prerequisite for being part of the unitary patent ² . These countries have invoked economic and legal reasons to justify their withdrawal. Poland has estimated that the unitary patent would have a negative impact on its national budget and on its competitiveness. The Czech Republic has expressed doubts about the compatibility of the unitary patent with EU law and about the quality of automatic translations .

Slovakia has also participated in enhanced cooperation, but has opposed the regulation on the unitary patent and has challenged it before the Court of Justice of the EU (CJEU). It has argued that the regulation was contrary to the principle of equal treatment between the member states and the official languages of the EU. It has also questioned the legal basis of the regulation and its respect for national competences in the field of industrial property. The CJEU rejected its request in 2015.

Hungary has ratified the UPC Agreement in 2018, but has denounced it in 2020, following a decision of its Constitutional Court that declared that the Agreement was incompatible with its Constitution. The Court considered that the Agreement infringed on Hungary’s sovereignty in the matter of intellectual property and that it violated the principle of separation of powers by entrusting the settlement of disputes relating to patents to a supranational court not integrated into the Hungarian judicial system.

Here is a table that summarizes that gives the list of European countries that accept the unitary patent and the European countries that have excluded themselves from the unitary patent:

Country	Status	Reason
Germany	Accepts	Participates in enhanced cooperation and has ratified the UPC Agreement
Austria	Accepts	Participates in enhanced cooperation and has ratified the UPC Agreement
Belgium	Accepts	Participates in enhanced cooperation and has ratified the UPC Agreement
Bulgaria	Accepts	Participates in enhanced cooperation and has ratified the UPC Agreement
Cyprus	Accepts	Participates in enhanced cooperation and has ratified the UPC Agreement
Croatia	Excluded	Has not joined enhanced cooperation
Denmark	Accepts	Participates in enhanced cooperation and has ratified the UPC Agreement
Spain	Excluded	Has opposed enhanced cooperation and has challenged the linguistic regime of the unitary patent
Estonia	Accepts	Participates in enhanced cooperation and has ratified the UPC Agreement
Finland	Accepts	Participates in enhanced cooperation and has ratified the UPC Agreement
France	Accepts	Participates in enhanced cooperation and has ratified the UPC Agreement
Greece	Accepts	Participates in enhanced cooperation and has ratified the UPC Agreement
Hungary	Excluded	Has ratified the UPC Agreement but has denounced it following a decision of its Constitutional Court
Ireland	Accepts	Participates in enhanced cooperation but has not yet ratified the UPC Agreement
Italy	Accepts	Participates in enhanced cooperation and has ratified the UPC Agreement
Latvia	Accepts	Participates in enhanced cooperation and has ratified the UPC Agreement
Lithuania	Accepts	Participates in enhanced cooperation and has ratified the UPC Agreement
Luxembourg	Accepts	Participates in enhanced cooperation and has ratified the UPC Agreement
Malta	Accepts	Participates in enhanced cooperation and has ratified the UPC Agreement
Netherlands	Accepts	Participates in enhanced cooperation and has ratified the UPC Agreement
Poland	Excluded	Participates in enhanced cooperation but has not signed or ratified the UPC Agreement
Portugal	Accepts	Participates in enhanced cooperation and has ratified the UPC Agreement
Czech Republic	Excluded	Participates in enhanced cooperation but has not signed or ratified the UPC Agreement
Romania	Accepts	Participates in enhanced cooperation but has not yet ratified the UPC Agreement
Slovakia	Excluded	Has opposed enhanced cooperation and has challenged the regulation on the unitary patent
Slovenia	Accepts	Participates in enhanced cooperation and has ratified the UPC Agreement
Sweden	Accepts	Participates in enhanced cooperation and has ratified the UPC Agreement

What are the consequences of these countries’ exclusion from the unitary patent?

The exclusion of these countries from the unitary patent has consequences for both the holders of unitary patents and the national patent holders in these countries. For the holders of unitary patents, this means that they cannot protect their inventions in these countries through the unitary patent, but they have to resort to the classical European patent or the national patent . They therefore have to bear the costs and formalities related to the validation and maintenance of their patent in these countries, as well as the risks of a fragmented protection and legal uncertainty . For the national patent holders in these countries, this means that they cannot benefit from the advantages of the unitary patent, but they have to face the increased competition of the holders of unitary patents in the other EU countries . They also have to adapt to the rules and procedures of the UPC, which can be seized by the holders of unitary patents to assert their rights against them or to challenge the validity of their classical European patents .

What are the legal issues of the unitary patent for non-participating countries?

The legal issues of the unitary patent system for non-participating countries are complex and not yet fully resolved. One of the main questions is how to deal with cross-border infringement cases involving unitary patents and national patents. For example, if an inventor from a non-participating country, such as Spain, wants to exercise their rights on their classical European patent in a participating country, such as France, where a unitary patent holder is allegedly infringing their patent, which law should they take into account? Well, the question is not easy to answer, as it will have to take into account many international norms. In the end, this very important aspect will be “subjected” to a very complex situation that will necessarily be defined with the successive application of the law.

Another question is how to ensure a fair balance between the interests of the holders of unitary patents and those of national patent holders in non-participating countries. For instance, if a national patent holder in Spain wants to challenge the validity of a unitary patent that covers an invention similar to theirs, how can they do so without having to go before the UPC, which may not be accessible or convenient for them? Conversely, if a unitary patent holder wants to enforce their rights against a national patent holder in Spain who is allegedly infringing their patent, how can they do so without having to go before a national court that may not be familiar or favourable with the unitary patent? These questions raise issues of jurisdiction, recognition and enforcement of judgments, as well as substantive law harmonisation.

These legal issues are likely to generate uncertainty and litigation for both unitary patent holders and national patent holders in non-participating countries. They may also create barriers and distortions in the internal market and affect innovation and competitiveness. Therefore, it is desirable that these issues are addressed and clarified as soon as possible, either by legislative or judicial means.

Conclusion

The unitary patent is a new scheme that offers a simplified, economical and uniform protection in 17 EU member states. It is accompanied by a Unified Patent Court, which has exclusive jurisdiction to settle disputes relating to unitary patents. The unitary patent has advantages and disadvantages for inventors and innovative companies, depending on their strategy and market. Spain is one of the few EU countries that does not intend to join the unitary patent, mainly for linguistic reasons. Its exclusion has consequences for both unitary patent holders and Spanish actors in the patent market. The unitary patent also raises legal issues for non-participating countries, which are not yet fully resolved.

In conclusion, the unitary patent system is a major innovation in the field of intellectual property in Europe, but it also poses significant challenges for its implementation and acceptance. It aims to foster innovation and competitiveness in the EU, but it also creates disparities and conflicts between participating and non-participating countries. It offers a simplified and uniform protection for inventors and innovative companies, but it also exposes them to risks and uncertainties in cross-border litigation. It is therefore important that the unitary patent is carefully monitored and evaluated, and that its benefits and drawbacks are balanced and communicated to all stakeholders.

(1) https://www.epo.org/applying/european/unitary/unitary-patent.html

(2) https://www.epo.org/applying/european/unitary.html

(3) https://www.gov.uk/guidance/the-unitary-patent-and-unified-patent-court

2023, Articles, Cyberculture, Technologies

NRE Cost Optimization for Electronics: A Comprehensive Guide

Posted on June 21, 2023February 20, 2024 by FMTAD

21
Jun

NRE Cost Optimization for Electronics by Jacques Gascuel This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.

Summary

NRE cost optimization for electronics is a key factor for ensuring the profitability of electronic product development. NRE cost can be reduced by using different levers and tools, such as optimizing the V-cycle, the WBS, and the schedule, and using the TRL scale to assess the maturity of technologies. Freemindtronic is an example of a company that uses these techniques to optimize NRE cost for its electronic products with PCB, which are based on its patented technologies and offered under license and white label services.

Cardokey NFC vCard Business: Edit, Read, and Import Contacts Seamlessly on iPhone.

2024 Articles Cardokey EviSwap NFC NDEF Technology GreenTech Technical News

NFC vCard Cardokey: Revolutionizing Digital Networking

March 25, 2024

2024 Articles Cyberculture EviPass Password

Human Limitations in Strong Passwords Creation

January 22, 2024

SSH handshake with Terrapin attack and EviKey NFC HSM

2024 Articles Digital Security EviKey NFC HSM EviPass News SSH

Terrapin attack: How to Protect Yourself from this New Threat to SSH Security

January 11, 2024

2023 Articles Cyberculture EviCypher NFC HSM News Technologies

Telegram and the Information War in Ukraine

January 5, 2024

Articles Crypto Currency Cryptocurrency Digital Security EviPass Technology NFC HSM technology Phishing

Ledger Security Breaches from 2017 to 2023: How to Protect Yourself from Hackers

December 16, 2023

TETRA Security Vulnerabilities secured by EviPass or EviCypher NFC HSM Technologies from Freemindtronic-Andorra

Articles Digital Security EviCore NFC HSM Technology EviPass NFC HSM technology NFC HSM technology

TETRA Security Vulnerabilities: How to Protect Critical Infrastructures

November 27, 2023

2023 Articles DataShielder Digital Security EviCore NFC HSM Technology EviCypher NFC HSM EviCypher Technology NFC HSM technology

FormBook Malware: How to Protect Your Gmail and Other Data

November 23, 2023

Articles EviCore NFC HSM Technology legal News Training

Dual-Use Encryption Products: a regulated trade for security and human rights

November 17, 2023

Discover our other articles on digital security

Efficient NRE Cost Optimization for Electronics

NRE Cost Optimization, in the field of electronic product development, plays a central role. This one-time cost, associated with designing, testing, and developing a new product, has a direct impact on the product’s unit cost and the profit margin. Therefore, estimating and optimizing NRE cost are essential for ensuring the project’s viability and profitability.

NRE cost depends on several factors, such as:

The complexity and size of the product
The quantity and frequency of the orders
The technology, tools, and methods used for designing, manufacturing, and testing the product
The software associated with the product
The royalty fee paid to the technology provider

The complexity and size of the product can drive up the costs due to the increase in material and labor costs. On the other hand, larger and repeated orders can reduce the NRE cost per unit, as fixed costs are distributed over more units.

In this article, we will explain how to calculate NRE cost for electronic products with PCB (printed circuit boards), which are the core components of any electronic device. We will also present three main levers to reduce NRE cost for electronic products with PCB: optimizing the V-cycle, optimizing the WBS (work breakdown structure), and accelerating schedule. Finally, we will introduce the TRL scale (technology readiness level scale), a tool that can help you optimize NRE cost for electronic products with PCB by assessing and comparing the maturity of different technologies.

We will also show you how Freemindtronic, an Andorran company specialized in security and cybersecurity of computer systems and information systems, uses the TRL scale to optimize NRE cost for its electronic products with PCB. Freemindtronic also offers its technologies under license, including international patents, and provides white label product creation services.

NRE cost optimization for electronics digital cyber security by Freemindtronic from Andorra

How to Calculate NRE Cost for Electronic Products with PCB?

To optimize NRE cost for electronic products with PCB, you need to know how to calculate it. NRE cost can be divided into four main categories:

Design cost: this includes the software tools for CAD (computer-aided design), licenses, salaries of designers, etc.
Fabrication cost: this includes the materials, equipment, tools, personnel, etc. for manufacturing the electronic components and assembling them into a product.
Test cost: this includes the measurement devices, test software, salaries of testers, etc. for verifying the functionality and quality of the product.
Software cost: this includes the firmware, drivers, embedded systems, applications, extensions, etc. associated with the product.
Royalty cost: this includes the fee paid to the technology provider for using their technology in the product.

To calculate NRE cost for electronic products with PCB, you need to estimate the time and resources required for each category. You can use historical data from previous projects or industry benchmarks as references. You can also use online calculators or software tools to help you estimate NRE cost.

In addition to these categories, you also need to consider the software associated with the PCB,

which ensure its functionality and interaction with the user or other systems. The software associated with the PCB include:

Firmware: they are embedded in the PCB and control the behavior of the electronic components. They are usually written in low-level (assembler) or intermediate-level (C, C++, etc.) languages. They are specific to the product and must be adapted to the characteristics of the PCB and the electronic components.
Drivers: they are installed on the computer or system that communicates with the PCB. They allow the system to recognize the PCB and transmit data between the PCB and the system. They are usually written in high-level (C#, Java, Python, etc.) languages. They must be compatible with the operating system and communication protocol used.
Embedded systems: they are installed on the PCB or on another support (memory card, hard disk, etc.). They allow to manage the functions of the product and provide a user interface. They are usually written in high-level (C#, Java, Python, etc.) languages. They must be adapted to the capabilities of the PCB and the needs of the product.
Applications: they are installed on the computer or system that communicates with the PCB. They allow the user to access the functionalities of the product and customize its settings. They are usually written in high-level (C#, Java, Python, Go, Type script, elvet etc.) languages. They must be ergonomic and intuitive for the user.
Extensions: they are installed on the computer or system that communicates with the PCB. They allow to add functionalities to the product or connect it to other services or systems. They are usually written in high-level (html, type script, web RTC, Java, java script, etc.) languages. They must be secure and respect compatibility standards.

These software must be designed, developed and tested in parallel with the PCB, in order to guarantee their coherence and performance. They must also be updated regularly to correct any bugs or to bring improvements to the product.

Besides these categories, you also need to consider the tools required for manufacturing and testing the PCB, which depend on the characteristics of the PCB and the requirements of the product. The tools for manufacturing and testing the PCB include:

Soldering machines: they allow to assemble electronic components on the PCB by soldering. There are different types of soldering machines, depending on the process used (wave soldering, reflow soldering, selective soldering, etc.).
Insertion machines: they allow to insert electronic components through holes in the PCB. They are used for through-hole components, which are fixed by soldering on both sides of the PCB.
Placement machines: they allow to place electronic components on the surface of the PCB. They are used for SMD (surface mount device) components, which are fixed by soldering on one side of the PCB.
Cutting machines: they allow to cut the PCB according to the desired shape. They are used to separate the different parts of the PCB or to adjust the size of the PCB.
Drilling machines: they allow to drill holes in the PCB to insert components or connectors. They are used to make connections between the different layers of the PCB or between the PCB and other elements.
Engraving machines: they allow to engrave patterns or inscriptions on the PCB. They are used to identify the PCB or to add technical or aesthetic information to it. For example, you can engrave the serial number, the manufacturer name, or the logo of the product on the PCB.
Measurement devices: they allow to verify the electrical and physical characteristics of the PCB. They include various devices such as multimeters, oscilloscopes, logic analyzers, insulation testers, etc. These devices allow you to measure the electrical and physical characteristics of the PCB, such as voltage, current, resistance, capacitance, frequency, etc.
Test software: they allow to control the functionality of the PCB and electronic components. They include various software such as simulation software, fault injection software, functional analysis software, etc. These software allow you to test the behavior of the PCB and electronic components under different conditions and scenarios.

These tools must be chosen according to the type and complexity of the PCB, as well as the level of quality required for the product. They must also be calibrated and maintained regularly to ensure their reliability and accuracy.

To illustrate how to calculate NRE cost for electronic products with PCB, let’s take an example of a project that involves developing a new product based on a 4-layer PCB with 1000 components (800 SMD and 200 through-hole). The project duration is 12 months and requires two engineers (one for design and one for test) with a salary of $3000 per month each. The project also requires a CAD software license ($5000), a fabrication service ($5000), a test service ($5000), a software development service ($10 000), and a royalty fee (5% of sales).

The following table shows how to calculate NRE cost for this project:

Item	Formula	Cost
Human resources	(3 000 + 2 000) x (1 + 0.5) x 2 x 12	$90 000
Software tools	–	$10 000
Materials	–	$5 000
Equipment	–	$15 000
Software	–	$10 000
Royalty fee	0.05 x 200 000	$10 000
Total NRE cost	Sum of above items	$140 000

As you can see, NRE cost can be quite high for electronic products with PCB, especially if the product is complex or requires specific technologies or tools. Therefore, it is important to optimize NRE cost by using different levers and tools that can improve the efficiency and quality of the product development process.

Three Main Levers to Reduce NRE Cost for Electronic Products with PCB

To optimize NRE cost for electronic products with PCB, you need to know how to reduce it. NRE cost can be reduced by using different levers and tools that can improve the efficiency and quality of the product development process. In this section, we will present three main levers to reduce NRE cost for electronic products with PCB:

Optimizing the V-cycle: this is to optimize the design process of the product, which follows a V-shaped model that consists of four main phases: definition, design, verification, and validation. Optimizing the V-cycle relies on the following sub-levers:

Defining clearly and precisely the customer needs and product specifications, which are translated into functional and technical requirements for the product. This helps to avoid ambiguity and misunderstanding, and to align the expectations of all stakeholders. Designing modular and scalable product, which allows reusing existing components or technologies and adapting easily to future changes or improvements. This helps to reduce the design cost and time, and to increase the flexibility and adaptability of the product. Making prototypes and mock-ups, which allow testing the product in real conditions and collecting customer feedback. This helps to validate the feasibility and functionality of the product, and to identify and correct any errors or defects before mass production. Planning rigorously and realistically the project, taking into account technical, financial, and temporal constraints, and anticipating possible contingencies. This helps to optimize the use of resources, to avoid delays and budget overruns, and to manage risks effectively. Monitoring and controlling regularly the project, using performance indicators and appropriate project management tools, which measure the progress of the project and identify deviations from the initial plan. This helps to ensure the quality and efficiency of the project execution, and to take corrective actions if needed. Validating systematically the product at each stage of the V-cycle, using appropriate methods and test criteria, which ensure compliance and quality of the product. This helps to verify that the product meets the customer needs and product specifications, and to obtain certification or approval from relevant authorities.

Optimizing the WBS (work breakdown structure): this is to structure the project into sub-projects, tasks, and activities, which are hierarchized and detailed according to their level of complexity and dependence. Optimizing the WBS relies on the following sub-levers:

Decomposing logically and coherently the project, respecting the principle of sum of parts equal to whole, that is, each element of WBS must contribute to achieving global project. This helps to clarify the scope and objectives of the project, and to avoid duplication or omission of work. Defining clearly and precisely deliverables associated with each element of WBS, specifying expected features, responsibilities, deadlines, and costs. This helps to define the expected outcomes of each element of WBS, and to assign roles and responsibilities to each actor of the project. Assigning resources needed for each element of WBS, taking into account skills, availability, and costs of human, material, and financial resources. This helps to allocate resources efficiently and effectively to each element of WBS, and to optimize the cost and quality of the project. Coordinating and communicating among different actors of project, using collaborative tools and agile methods, which promote information exchange and problem solving. This helps to ensure the coherence and consistency of the project, and to foster the collaboration and innovation among different actors.

Accelerating schedule: this is to reducethe total duration of project by optimizing use of available resources and minimizing idle times. Accelerating schedule relies on following sub-levers:Reducing duration of critical tasks that have direct impact on end date of project. For this, we can use techniques such as crashing (increasing resources assigned to a task) or fast-tracking (performing tasks in parallel instead of sequentially). This helps to shorten the critical path of the project, which determines the minimum time required for completing the project. Increasing parallelism of non-critical tasks that do not affect the end date of project, but can reduce the total duration of project. For this, we can use techniques such as overlapping (starting a task before the previous one is completed) or splitting (dividing a task into smaller subtasks that can be performed in parallel). This helps to increase the concurrency of tasks in the project, which reduces idle times and improves resource utilization. Eliminating or minimizing slack time of tasks that is the difference between the earliest and latest start or finish times of a task. For this, we can use techniques such as resource leveling (balancing the demand and supply of resources over the project duration) or resource smoothing (adjusting the resource allocation to reduce peaks and valleys in resource usage). This helps to optimize the slack time of tasks, which can be used to absorb uncertainties or delays, or to improve quality or performance.

These levers and tools can help you optimize NRE cost for electronic products with PCB by reducing errors, delays, and budget overruns by improving the quality and efficiency of the product development process. They can also increase customer satisfaction and confidence by demonstrating the compliance and quality of the product at each stage of development.

How to Use the TRL Scale to Optimize NRE Cost for Electronic Products with PCB?

Another tool that can help you optimize NRE cost for electronic products with PCB is the ^TRL scale, or technology readiness level scale. The TRL scale is a tool for measuring or indicating the maturity of a technology. It was originally developed by NASA in the 1990s as a means to manage the technological risk of its programs. The TRL scale can help you optimize NRE cost for electronic products with PCB by providing a common language and framework for assessing and comparing the maturity of different technologies in the context of a specific application, implementation, and operational environment. The TRL scale also helps you identify gaps and risks in your technology development process, and plan appropriate actions and resources to address them.

The TRL scale ranges from 1 to 9, with 9 being ready for commercialization. The TRL scale describes the performance history of a given system, subsystem, or component relative to a set of levels that correspond to different stages of development.

The following table summarizes the main characteristics and criteria of each TRL level:

TRL	Definition	Description	Criteria
1	Basic principles observed	Scientific research begins and results are translated into future research and development	Publication or report of basic principles
2	Technology concept formulated	Basic principles are applied to practical applications and experimental proof of concept is obtained	Publication or report of applied research
3	Analytical and experimental critical function and/or characteristic proof-of-concept	Active research and design begin and proof-of-concept model is constructed	Analytical studies and laboratory tests
4	Component/subsystem validation in laboratory environment	Component pieces are tested with each other in a simulated environment	Component integration and testing
5	Component/subsystem validation in relevant environment	Breadboard technology is tested in a realistic environment with simulated interfaces	System-level testing in relevant environment
6	System/subsystem model or prototype demonstration in a relevant environment	Fully functional prototype or representational model is demonstrated in a realistic environment with actual interfaces	System-level testing in relevant environment
7	System prototype demonstration in an operational environment	Working model or prototype is demonstrated in an extreme environment with all interfaces	System-level testing in operational environment
8	Actual system completed and qualified through test and demonstration	Technology has been tested and “flight qualified” and is ready for implementation into an existing technology or technology system	System-level testing in operational environment
9	Actual system proven through successful mission operations	Technology has been “flight proven” during a successful mission and meets all performance requirements	System-level testing in operational environment

What are the Benefits of Using the TRL Scale for Freemindtronic?

By using the TRL scale, Freemindtronic was able to achieve the following benefits:

Providing a common language and framework for assessing and comparing the maturity of its technology with other technologies on the market.
Identifying gaps and risks in its technology development process and planning appropriate actions and resources to address them.
Reducing errors, delays, and budget overruns by improving the quality and efficiency of its product development process.
Increasing customer satisfaction and confidence by demonstrating the compliance and quality of its product at each stage of development.

Freemindtronic also offers its technologies under license, including international patents, and provides white label product creation services. This allows its customers to protect their products and services created in their brand and embedding Freemindtronic’s technologies. In addition, they benefit from territorial protection in terms of international intellectual property. Freemindtronic also offers the possibility of negotiating an NRE royalty with its customers, depending on the added value of its technology and market conditions. Moreover, Freemindtronic has designed a mutualized offer of its NRE costs, distributed among all its customers under licenses. This has the effect of reducing the royalty cost attached to the NRE. This also has the effect of making affordable access to the different licenses, especially patented ones, which produce a low impact on the products marketed.

Freemindtronic guarantees an industrial quality of its products,

manufactured with industrial grade electronic components. It also ensures a complete traceability of the manufacture of its offline products and end-to-end cybersecurity from HSMs, from design to end user.

Conclusion and Contact Information

We hope that this article has given you some useful insights on how to optimize NRE cost for electronic products with PCB by using different levers and tools. We also hope that you have learned how to use the TRL scale to optimize NRE cost for electronic products with PCB by assessing and comparing the maturity of different technologies.

We also showed you how Freemindtronic, an Andorran company specialized in security and cybersecurity of computer systems and information systems, uses the TRL scale to optimize NRE cost for its electronic products with PCB. Freemindtronic also offers its technologies under license, including international patents, and provides white label product creation services.

If you have any questions or comments, please feel free to contact us. We will be happy to assist you with your project.

Thank you for your attention.

To contact us click here

Articles, Cyberculture, Digital Security, Technical News

Protect Meta Account Identity Theft with EviPass and EviOTP

Posted on May 31, 2023March 25, 2024 by FMTAD

31
May

Protect Meta Account identity theft by Jacques Gascuel This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.

How to Spot and Avoid Phishing Attacks on Meta

Have you ever wondered what would happen if someone hacked your Meta account and used it for malicious purposes? Identity theft is a serious threat that affects millions of internet users worldwide. It can harm your reputation, finances, privacy, and even your safety. That’s why it’s essential to protect your Meta account from identity theft.

Articles Crypto Currency Digital Security EviSeed EviVault Technology News

Enhancing Crypto Wallet Security: How EviSeed and EviVault Could Have Prevented the $41M Crypto Heist

September 11, 2023

Secure your cryptocurrencies with a cold wallet NFC HSM hacker hood with laptop secure cryptocurrencies the fatal mistake of using a virtual password manager lastpass hacked

Articles EviVault Technology News Uncategorized

Why choose a Cold Wallet NFC HSM to secure your cryptocurrencies?

September 10, 2023

EviVault NFC HSM and EviCore NFC HSM Embedded ISO 15693 VS Flipper Zero

Articles Digital Security EviVault Technology NFC HSM technology Technical News

EviVault NFC HSM vs Flipper Zero: The duel of an NFC HSM and a Pentester

July 4, 2023

CryptBot: the malware that targets your data and crypto on Chrome

Articles EviVault Technology Phishing

Cryptbot malware steals data cryptocurrencies

May 1, 2023

Protecting Your Meta Account from Identity Theft

Meta is a family of products that includes Facebook, Instagram, Messenger, WhatsApp, Oculus, and more. These products allow you to connect with people, share content, play games, shop online, and explore new realities. However, they also store a lot of personal information that can be exploited by hackers if you don’t secure your account properly.

Identity theft of online accounts is a growing problem that affects many Meta users. Hackers use various techniques to illegally obtain user credentials and two-factor authentication information. This results in financial, legal, and psychological consequences for the victims, who find themselves deprived of their digital identity. In this article, we explain how to protect your Meta account from identity theft, with a focus on the security of your passwords and your two-factor authentication. We also present real testimonials of identity theft on Meta, which illustrate the seriousness of this problem and the importance of protecting yourself. Finally, we introduce you to an innovative solution that allows you to manage OTP tokens (One Time Password) securely and contactlessly thanks to an NFC device (Near Field Communication).

Creating Strong and Unique Passwords to Safeguard Your Meta Account

To enhance the security of your Meta account, it’s crucial to create strong and unique passwords. A strong password is the first line of defense against identity theft. Use a combination of uppercase and lowercase letters, numbers, and special characters. Avoid using obvious personal information, such as your name or date of birth. Furthermore, avoid reusing the same password on multiple accounts, as this makes it easier for hackers to gain unauthorized access. Consider using a secure password manager such as EviPass, offered by Freemindtronic, to store your passwords securely and regularly check their integrity.

Enhancing Meta Account Security with Two-Factor Authentication (2FA)

Enhancing the security of your Meta account is crucial, and enabling two-factor authentication (2FA) is an effective way to achieve that. In the security and login settings of your Meta account, you have access to a range of 2FA methods. Each method has its own advantages and considerations, empowering you to select the most suitable option for your needs.

Table: Comparison of Different 2FA Methods on Meta

2FA Method	Advantages	Disadvantages
Security Key	Highly secure, doesn’t require internet connection	Expensive, susceptible to loss or forgetfulness, requires USB or NFC port
Authentication App	More secure than SMS, compatible with multiple accounts	Risk of smartphone loss or theft, requires prior installation
SMS	Simple and quick	Risk of phone number hacking, reliance on mobile network
Authentication Applications	Enhanced security, generates secure 2FA codes	Risk of smartphone loss or theft
EviPass	Highly secure, contactless, compatible with multiple accounts, no prior installation required	Requires purchase of EviPass device

The Ultimate Solution – EviPass and EviOTP for Meta Account Protection

EviPass, powered by Freemindtronic’s EviOTP technology, offers the best of both worlds with its PassCypher product. PassCypher combines two technologies: EviPass Hardware and/or Digital Manager, compatible with Freemindtronic’s NFC HSM devices. It also incorporates the EviOTP technology, a secret key manager for OTP and HOTP, enabling the generation of OTP codes. With PassCypher, you can experience highly secure and contactless 2FA. It eliminates the need for prior installation and provides a seamless user experience. By securely storing and generating OTP secret keys using EviOTP technology, PassCypher ensures end-to-end authentication. Please note that the PassCypher device, which includes EviPass and EviOTP technologies, needs to be purchased to utilize this comprehensive solution.

Being Vigilant Against Phishing Attacks to Secure Your Meta Account

Hackers often use phishing techniques to trick you into disclosing your credentials. Be vigilant about suspicious emails or messages asking for your credentials or personal information. Do not click on dubious links and always check the website address before entering your information. If you receive a suspicious message claiming to be from Meta, report it immediately.

Regularly Updating Security Information for Meta Account Protection

To maintain optimal security, it is important to update your security information regularly, such as your recovery email address and phone number. This information will allow you to regain access to your account in case of identity theft or password forgetfulness. Make sure you choose secure and easily accessible recovery information that only you have access to.

Implementing EviOTP for Enhanced Meta Account Security against Identity Theft

One innovative solution for securing your Meta account is EviOTP by Freemindtronic. EviOTP utilizes contactless technology and NFC devices to securely manage OTP tokens (One Time Passwords). By enabling two-factor authentication with EviOTP, you are required to provide an additional code along with your password when logging into your Meta account. This method offers optimal protection against phishing attacks and identity theft, as your OTP tokens are stored and encrypted within the NFC device, physically isolated from your computer and phone systems.

Table: Advantages and disadvantages 2FA

2FA Method	Pros	Cons
SMS	Simple and fast	Risk of hacking your phone number, dependence on mobile network
Authentication App	More secure than SMS, compatible with multiple accounts	Risk of losing or stealing your smartphone, requires prior installation
Security Key	Very secure, does not require internet connection	Expensive, easy to lose or forget, requires USB or NFC port
EviOTP	Very secure, contactless, compatible with multiple accounts, does not require prior installation	Requires purchasing the EviOTP device

Considering the different options available, each 2FA method offers unique benefits and drawbacks. Security keys provide a high level of security but may be costly and prone to loss. Authentication apps offer increased security and compatibility, but the risk of smartphone theft exists. SMS codes are simple and fast but carry the risk of phone number hacking. Authentication applications like Google Authenticator or Microsoft Authenticator generate secure codes but are still susceptible to smartphone loss. Finally, EviOTP stands out as a highly secure, contactless option compatible with multiple accounts, although it requires purchasing the EviOTP device.

EviOTP – The Ultimate 2FA Solution

For the ultimate 2FA solution, EviOTP by Freemindtronic offers unmatched security and convenience. EviOTP combines contactless technology, compatibility with multiple accounts, and a seamless user experience. It eliminates the need for prior installation and configuration, making it ready to use right out of the box. By securely storing and generating OTP secret keys, EviOTP ensures end-to-end authentication. To benefit from EviOTP, please note that the EviOTP device must be purchased.

To enable two-factor authentication with Contactless OTP Manager, you must follow these steps:

Download and install the PassCypher application embedding the EviPass technology and especially EviOTP on your NFC-compatible Android mobile device from the Google Play Store.
Log in to your Meta account on a computer or mobile browser.
Go to the security and login settings of your Meta account and click on “Use two-factor authentication”.
Choose the option “Authentication application” and follow the instructions on the screen.
Open the PassCypher application on your mobile device and bring your Contactless OTP Manager device close to the phone to scan the QR code displayed by Meta.
Enter the six-digit code generated by Contactless OTP Manager in the “Security Code” field on Meta and click on “Next”.
Save the recovery codes provided by Meta in case of loss or theft in your Contactless OTP Manager device that you also use to generate codes to authenticate yourself.

Beware of phishing attacks

Update your security information regularly

Real Testimonials of Meta Account Identity Theft and Steps to Protect Yourself

Identity theft is a phenomenon that affects more and more internet users worldwide. According to a study by the Federal Trade Commission, consumers reported losing more than $5.8 billion to fraud in 2021, an increase of more than 70% over the previous year. Among the most common types of fraud are identity theft scams, which aim to steal the login information of users on various Meta products, such as Instagram, Facebook, Messenger, WhatsApp or Oculus. These information can then be used to harm the reputation, finances or privacy of the victims.

Finding real testimonials of identity theft on Meta is not always easy. Indeed, victims may feel ashamed of being fooled, afraid of the consequences or simply not know who to turn to report the problem or ask for help. That’s why we have gathered in this section some true and verified stories that illustrate the different possible scenarios of identity theft on Meta. These stories are presented in the form of small short paragraphs that are easy to read and explain how the victims discovered the hacking, how they reacted and what were the consequences.

We hope that these testimonials will help you to become aware of the risks associated with identity theft on Meta and to adopt good practices to protect your personal data online. If you are a victim or witness of identity theft, do not hesitate to report the problem to the competent authorities and ask for help from specialized services.

Marie found June 6, 2021 Marie’s Instagram account was hacked by scammers. They tricked her into giving them her login information. They used her account to ask her followers for money. Marie reported the hack to Instagram and warned her contacts. She finally got her account and her 2,000 followers back. She learned to be more careful online.

A woman from France had her Instagram account hacked by scammers who tried to extort money from her followers. She contacted Meta, but received no response. She then contacted a cybersecurity expert who helped her recover her account and her 6,000 followers.

Muriel, a regular user of Meta, was a victim of identity theft on her personal account as well as on her Meta Business Manager account. Despite activating two-factor authentication, hackers managed to bypass security measures, leaving Muriel in a difficult situation. Unable to receive the necessary help from Meta, she shared her experience on social networks, hoping to find a contact within Meta who could help her solve this frustrating problem.
In December 2021, Meta filed a lawsuit against the bad actors who allegedly created over 39,000 websites that resembled the login pages of Instagram, Facebook, Messenger, and WhatsApp. The defendants used these websites to deceive users and collect their login information. They also infringed Meta’s trademarks by using its logos and names on their fake pages.
In February 2023, a couple was victim of a phishing scam that targeted META users. They received an email that seemed to come from the social network and asked them to confirm their credentials and password to avoid the closure of their account. When they clicked on the link, they were redirected to a fake login page that recorded their data. A few days later, they noticed that their account had been hacked and that fraudulent purchases had been made with their credit card linked to their META account.
In October 2022, a woman discovered that her Instagram account had been hacked and that a scammer had used her identity to blackmail her followers. He sent them messages pretending to be her and asking for nude photos or money. He threatened to expose their private conversations or photos if they did not comply. The victim reported the hack to Instagram and warned her contacts about the scam.
In October 2021, a man was sentenced to 18 months in prison with a suspended sentence for having impersonated several personalities on social networks, including the president of the French Republic Emmanuel Macron. He created fake META (ex-Facebook) accounts and sent private messages to internet users asking them for money or services. He also tried to extort personal information from journalists and politicians by pretending to be their relatives or collaborators.
In February 2020, a woman discovered that her META account had been hacked and that a scammer had used her identity to trick her friends. He sent them messages pretending to be her and asking them for financial help for an emergency. He then asked them to send him PCS recharge codes (prepaid cards) that he could use to buy goods or services online. The victim filed a complaint and alerted her contacts about the hack.
French case of Loïc: Loïc suffered identity theft on Meta for a grueling period of 17 years. Hackers opened numerous bank accounts in his name, took out consumer loans and used his information to benefit from social and tax benefits. Loïc recounted his ordeal during an interview with Olivier Delacroix on Europe 1 on January 15th, 2019. For years, he had to provide proof of identity and fight with administrations, banks and bailiffs to restore the truth and regain control of his digital identity.
Case of Julie: Julie was a victim of identity theft on her Meta account by her ex-partner. He managed to access her account by cloning her SIM card, changing her security information and posting defamatory messages in her name. Julie quickly became aware of the situation and immediately filed a complaint with the competent authorities. She also contacted the Cybermalveillance.gouv.fr service to get help in the process of recovering her account and protecting her online reputation.
Thomas’s Instagram account was hacked by a hacker who impersonated him and sent rude messages to his contacts. He managed to recover his account with the help of a cybersecurity expert.
Benoît fell victim to a scam on WhatsApp. He received a message from a friend who asked him to lend him money urgently. He agreed and sent 500 euros by bank transfer. He realized too late that it was an impostor who had hacked his friend’s account.
Clara was a victim of identity theft on her Facebook account. She received a notification that told her she had won a free trip and asked her to click on a link to claim it. She followed the link and entered her Facebook credentials. She realized too late that it was a trap to steal her data and use it to create fake profiles in her name.
David was a victim of identity theft on his Oculus account. He received an email that told him he had been selected to test a new virtual reality game and asked him to download an app on his smartphone. He downloaded the app and scanned a QR code with his Oculus headset. He realized too late that it was a malicious software that had stolen his login information and used his account to buy games without his permission.
Emma was a victim of identity theft on her Meta Workplace account. She received a message from a colleague who asked her to send him confidential documents related to an ongoing project. She trusted him and sent the documents by email. She realized too late that it was an impostor who had hacked her colleague’s account and used the documents to harm the company.
Another real case of identity theft on Meta is that of Aaron Elekes. This film and TV producer had his Facebook account hacked by scammers who impersonated him and his contacts. Despite his efforts to recover his account, he did not receive the necessary help from Meta. He had to create several new accounts under his name, which caused him a lot of stress and frustration. This testimonial shows how important it is to protect your Meta account from identity theft.

Other real examples of identity theft on Meta include:
- A company called Meta that accuses Meta (formerly Facebook) of unlawfully seizing its mark, name and identity.
- The risks associated with identity theft on Meta, such as the loss of personal data, the spread of false information, the contact scam or the infringement of copyright.

These real testimonials of identity theft on Meta illustrate the severity of the problem and highlight the importance of taking adequate security measures to protect your account. By following the tips mentioned above, such as creating strong passwords, enabling two-factor authentication and using innovative solutions like EviPass and EviOTP, you can enhance the security of your Meta account and significantly reduce the risks of identity theft.

Conclusion: Safeguard Your Meta Account from Identity Theft

Protecting your Meta account from identity theft is essential to preserve your online security. By following the recommended security measures, such as creating strong and unique passwords, enabling two-factor authentication and using innovative solutions like EviPass and EviOTP from Freemindtronic, you enhance the security of your account and reduce the risks of identity theft. Also be vigilant about phishing attempts and make sure to update your security information regularly. Use the tools and technologies at your disposal to enhance the security of your Meta account. By following these tips, you will be able to fully enjoy your experience on Meta with peace of mind.

Protect your digital identity and take the necessary steps to secure your Meta account now. Don’t let hackers steal your online identity. Be proactive in your approach to security and make protecting your account a top priority.

By adopting strong security measures and staying informed about the latest techniques used by hackers, you can minimize the risks of identity theft and protect your digital life on Meta. Make sure you implement the recommendations presented in this article and don’t hesitate to explore more advanced security solutions to further enhance the protection of your account. Your online security is in your hands, so act now to protect your Meta account from identity theft.

Protect your digital identity and take the necessary steps to secure your Meta account now. Don’t let hackers steal your online identity. Be proactive in your approach to security and make protecting your account a top priority.

By adopting strong security measures and staying informed about the latest techniques used by hackers, you can minimize the risks of identity theft and protect your digital life on Meta. Make sure you implement the recommendations presented in this article and don’t hesitate to explore more advanced security solutions to further enhance the protection of your account. Your online security is in your hands, so act now to protect your Meta account from identity theft.

Remember that securing your Meta account is not limited to these measures. Stay vigilant, educate yourself on the latest security practices and be proactive in protecting your digital identity. By taking these precautions, you can fully enjoy your experience on Meta safely and peacefully.

EviPass the ultimate offline NFC hardware password manager passwordless manager by Freemindtronic Andorra

About Freemindtronic

Freemindtronic is a company specialized in digital security solutions based on NFC technology (Near Field Communication). Founded in 2017 by Jean-Marc Zanni, an expert in embedded systems engineering, Freemindtronic offers innovative products such as EviPass and EviOTP that allow users to manage their passwords and OTP tokens securely and contactlessly. Freemindtronic’s solutions are designed for individuals and professionals who want to protect their digital identity from cyberattacks and identity theft.

2023, Articles, Cyberculture, Digital Security, Technical News

Strong Passwords in the Quantum Computing Era

Posted on May 5, 2023March 15, 2024 by FMTAD

05
May

Strong Passwords by Jacques gascuel This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.

How to Protect Your Passwords from Quantum Computers Introduction

Do you know that quantum computers could break your passwords in seconds? This could expose your personal and financial data to hackers. To prevent this, you need to create strong passwords that can resist quantum attacks. In this article, you will learn how to do it easily and effectively.

2024 Digital Security

Kapeka Malware: Comprehensive Analysis of the Russian Cyber Espionage Tool

April 18, 2024

2024 Cyberculture Digital Security News Training

Andorra National Cyberattack Simulation: A Global First in Cyber Defense

April 15, 2024

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security

March 25, 2024

2024 Articles Cardokey EviSwap NFC NDEF Technology GreenTech Technical News

NFC vCard Cardokey: Revolutionizing Digital Networking

March 25, 2024

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation

March 15, 2024

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?

March 10, 2024

2024 Digital Security

PrintListener: How to Betray Fingerprints

February 22, 2024

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks

February 10, 2024

How to create strong passwords in the era of quantum computing?

Quantum computing is a technology that promises to revolutionize the field of computation by exploiting the properties of subatomic particles. It offers unprecedented possibilities for scientific research, artificial intelligence or cryptography. But it also represents a risk for the security of data and online communications. Indeed, quantum computers could be able to crack the secret codes that protect our passwords, our bank accounts or our private messages.

What is quantum computing? What is encryption? What is a brute force attack?How to protect ourselves from this threat? The answer is simple: create strong passwords and resist quantum attacks. But what is a strong password? And how to choose it? Here are some tips to help you strengthen your digital security in the era of quantum computing.

What is quantum computing and how does it work in video?

What is a strong password?

A strong password is a password that is hard to guess or crack by a hacker. It must be composed of at least 12 characters, mix uppercase and lowercase letters, numbers and symbols, and not contain dictionary words, proper names or personal data. For example, “P@ssw0rd123” is not a strong password, because it is too short, too simple and too common. On the other hand, “Qx7!tZ9#rGm4” is a strong password, because it is long, complex and random.

Why is a strong password important?

A strong password is important because it reduces the risk that your account will be hacked by a brute force attack. A brute force attack consists of testing all possible combinations of characters until finding the right password. The longer and more complex the password, the more possible combinations there are, and the more time and resources it takes to crack it.

For example, a password of 8 characters composed only of lowercase letters has about 200 billion (26^8) possible combinations. A classical computer can crack it in a few minutes. But a password of 20 characters composed of letters, numbers and symbols has about 10^39 (95^20) possible combinations. A classical computer would need 766 trillion years to crack it.

But what about quantum computers?

Quantum computers are able to perform calculations much faster and more powerful than classical computers thanks to their ability to manipulate qubits instead of bits. A qubit can take two states simultaneously (0 and 1), which allows it to explore multiple solutions at the same time. Thus, a quantum computer could theoretically crack a password by testing all possible combinations in parallel.

However, there are technical and practical limits to this ability. First, you need to have a quantum computer powerful and stable enough to perform this type of operation. However, current quantum computers are still very rudimentary and only have a limited number of qubits. Second, you need to know the type of encryption used to protect the password. However, there are encryption algorithms that are resistant to quantum attacks, such as symmetric encryption or elliptic curve encryption. Third, you need to have access to the system that stores the password. However, there are security measures that prevent unauthorized access, such as two-factor authentication or account locking after several unsuccessful attempts.

Thus, even if quantum computers represent a potential threat for the security of passwords, they are not yet able to crack them easily. Nevertheless, it is prudent to prepare for the advent of this technology by creating strong passwords and changing them regularly.

How to choose a strong password?

To choose a strong password, there are several methods. Here are some examples:

The Diceware method: it consists of randomly choosing several words from a predefined list and separating them by spaces or symbols. For example, “piano cat star 7 &”. This method allows you to create passwords that are easy to remember and hard to crack.
The XKCD method: it consists of choosing four random words and assembling them without space. For example, “correcthorsebatterystaple”. This method is inspired by a comic from the XKCD site that shows that this type of password is safer than a complex but short password.

The random generator method: it consists of using an online tool that creates a random password composed of letters, numbers and symbols. For example, “Qx7!tZ9#rGm4”. This is the method implemented in the evicore nfc and evicore hsm technology from Freemindtronic, which features a random password generator with Shannon entropy control. This technology also automatically calculates the number of bits of the generated password based on the type of printable ASCII 95 characters used. This method allows you to create very secure passwords but difficult or impossible to remember, which requires the use of a hardware or virtual password manager. Whatever the method chosen, it is important to follow some rules:

Do not use the same password for multiple accounts or services.
Do not write the password on a paper or store it on an insecure device.
Do not share the password with other people or communicate it by email or phone.
Do not use obvious clues or security questions to recover the password in case of forgetfulness.
Use a password manager to store and manage your passwords securely.

Tools for creating and protecting strong passwords

If you want to create and protect strong passwords in the age of quantum computing, you can use some of these online tools to help you:

Online password generator: A tool that creates a random and strong password composed of letters, numbers and symbols. For example, Mot de passe.xyz is a free and secure online password generator that lets you choose the length and types of characters for your password.
Password strength calculator: A tool that calculates the entropy (the number of bits) of a password based on its length and the number of possible characters. For example, Password Entropy Calculator is a free online tool that shows you how strong your password is and how long it would take to crack it.
Data breach checker: A tool that checks if your email or phone number has been exposed in a data breach. For example, Have I Been Pwned? is a free online service that lets you check if your personal information has been compromised by hackers.

Using these tools can help you create and protect strong passwords that are resistant to quantum attacks. However, you should also remember to use different passwords for different accounts, change them regularly, and use a password manager to store them safely.

In conclusion

Passwords are essential to protect our privacy and our data online. Faced with the potential threat of quantum computers, it is important to create strong passwords and resist quantum attacks. To do this, we need to choose passwords that are long and complex, change them regularly and manage them with caution. Thus, we will be able to enjoy the benefits of quantum computing without fearing for our digital security.

2023, Articles, Cyberculture, Eco-friendly, Electronics, GreenTech, Technologies

The first wood transistor for green electronics

Posted on April 29, 2023March 15, 2024 by FMTAD

29
Apr

Wood transistor by Jacques gascuel This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.

The first wood transistor for green electronics

Wood is a natural and renewable material that can be used for many purposes, from construction to furniture. But did you know that wood can also be used to make electronic devices? In this article, we will introduce you to the first wood transistor ever created, and explain how it works and why it is a promising innovation for green electronics.

2024 Cyberculture Digital Security News Training

Andorra National Cyberattack Simulation: A Global First in Cyber Defense

April 15, 2024

2024 Articles Cardokey EviSwap NFC NDEF Technology GreenTech Technical News

NFC vCard Cardokey: Revolutionizing Digital Networking

March 25, 2024

2024 Crypto Currency Cryptocurrency Cyberculture Legal information

EU Sanctions Cryptocurrency Regulation: A Comprehensive Overview

March 15, 2024

2024 Cyberculture Uncategorized

Chinese cyber espionage: a data leak reveals the secrets of their hackers

March 2, 2024

2024 Cyberculture

Cyber Resilience Act: a European regulation to strengthen the cybersecurity of digital products

February 24, 2024

2024 Cyberculture Legal information

Encrypted messaging: ECHR says no to states that want to spy on them

February 21, 2024

2024 Articles Cyberculture EviPass Password

Human Limitations in Strong Passwords Creation

January 22, 2024

2023 Articles Cyberculture EviCypher NFC HSM News Technologies

Telegram and the Information War in Ukraine

January 5, 2024

What is a wood transistor?

A transistor is a device that can amplify or switch electrical signals. Transistors are the building blocks of modern electronics, such as computers, smartphones, and sensors. They are usually made of silicon, a semiconductor material that can conduct electricity under certain conditions.

However, a wood transistor is a type of transistor that uses wood as the base material instead of silicon. Wood is also a semiconductor, but with different properties than silicon. To make wood transistors, researchers coat thin slices of wood with carbon nanotubes. These are tiny tubes of carbon atoms that have excellent electrical and mechanical properties.

The carbon nanotubes act as electrodes, which are the parts of the transistor that connect to the external circuit. The wood acts as the channel, which is the part of the transistor that controls the flow of current between the electrodes.

How does a wood transistor work?

A wood transistor works by applying a voltage to one of the electrodes, called the gate. This voltage creates an electric field that affects the conductivity of the wood channel. By changing the gate voltage, the current flowing between the other two electrodes, called the source and the drain, can be modulated.

The wood transistor can operate in two modes: depletion mode and enhancement mode. In depletion mode, the wood channel is normally conductive, and the gate voltage can reduce or stop the current flow. In enhancement mode, the wood channel is normally non-conductive, and the gate voltage can increase or start the current flow.

The researchers who developed the wood transistor made an interesting discovery. They found that it can switch between depletion mode and enhancement mode by changing the polarity of the gate voltage. This means that the wood transistor can perform both n-type and p-type functions, which are essential for creating complex electronic circuits.

Why is a wood transistor important?

A wood transistor is important because it offers several advantages over conventional silicon transistors. Some of these advantages are:

Wood is abundant, cheap, biodegradable, and renewable, which makes it an environmentally friendly alternative to silicon. Silicon is scarce, expensive, non-biodegradable, and requires high-energy processing.
Wood transistors have a low operating voltage, which means they consume less power and generate less heat than silicon transistors. This can improve the energy efficiency and performance of electronic devices.
Wood transistors have a high sensitivity to humidity and temperature changes, which makes them suitable for applications such as environmental sensors and smart textiles.
Moreover, wood transistors have a flexible and transparent structure, which makes them compatible with flexible and wearable electronics.

What are the challenges and opportunities for wood transistors?

Researchers are still developing wood transistors, and they face some challenges and opportunities for further improvement. Some of these are:

The stability and reliability of wood transistors need to be enhanced by optimizing the fabrication process and protecting them from moisture and oxidation.
The scalability and integration of wood transistors need to be improved by developing methods to produce large-area and high-density arrays of wood transistors on various substrates.
The functionality and diversity of wood transistors need to be expanded by exploring different types of wood materials and carbon nanotube coatings with different properties.
The applications and markets for wood transistors need to be explored by collaborating with industry partners and end-users who can benefit from this novel technology.

Conclusion

Wood transistors are a breakthrough innovation that can revolutionize green electronics. They combine the natural advantages of wood with the exceptional properties of carbon nanotubes to create low-power, high-performance, flexible, transparent, and biodegradable electronic devices.

Source

Li, T., Zhu, H., Wang, X. et al. Wood-based fully biodegradable and flexible electronic devices. Nat Electron 4, 33–40 (2021). https://doi.org/10.1038/s41928-020-00518-9

[1] A transistor made of wood: Electrical current modulation in wood electrochemical transistor – https://www.pnas.org/content/118/17/e2026873118

2023, Articles, Cyberculture, Training

ChatGPT on cybersecurity and system safety

Posted on April 21, 2023February 20, 2024 by FMTAD

21
Apr

ChatGPT Cybersecurity System Safety

ChatGPT is an AI chatbot for cybersecurity launched by OpenAI in November 2022. It is trained with RLHF and uses GPT-3.5 language models. ChatGPT can perform various tasks such as pentesting, fuzzing, shellcode generation, custom email creation or buffer overflow exploitation. ChatGPT can also help blue teams detect and prevent cyberattacks .

Preamble

To learn

Create

Have fun

Get informed

Discuss

Test

Collaborate

Explorer

Improve

Personalize

Prompt ChatGPT Openai white freemindtronic Andorra

Other

ChatGPT Cybersecurity

ChatGPT is an artificial intelligence tool that allows you to generate text from your inputs. You can use it to create content, learn new things, entertain yourself, or just chat. But to get the most out of ChatGPT, you need to know how to talk to it. That’s where prompts come in.

Prompts are short sentences or texts that you enter into ChatGPT’s interface to ask for a response or a continuation of the conversation. They serve to guide the AI to a response or continuation of the conversation that meets your expectations. By using well-formulated prompts, you can interact with ChatGPT effectively and get quality answers.

In this article, we will introduce you to the best prompts to exchange with ChatGPT on cybersecurity and safety of computer systems, phone systems, communication systems, information system, industrial system, home automation system. We’ve grouped them into 10 categories depending on the type of response or conversation you want to get. Whether you want to learn, create, have fun or get informed, here you will find the prompts you need.

1 – To learn

If you want to use ChatGPT as a learning tool about cybersecurity and systems safety, you can ask it to explain concepts, teach you skills, or help you solve problems. Here are some examples of prompts you can use to learn with ChatGPT:

Explain [cybersecurity or safety concept] to me as if I were 5 years old.
Teach me how to [apply a cybersecurity or safety measure or technique] step by step.
Help me solve this problem: [cybersecurity or safety scenario or case study].
What are the best resources for learning [cybersecurity or safety field or topic]?
What are the advantages and disadvantages of [cybersecurity or safety choice or solution]?
What is the difference between [term A] and [term B] when it comes to cybersecurity or safety?
How can I improve in [cybersecurity or safety field or topic]?
What are the pitfalls to avoid when [doing something related to cybersecurity or safety]?
What is the story of [cybersecurity or safety event or persona]?
What are the most interesting facts about [cybersecurity or safety field or topic]?

2 – Create

If you want to use ChatGPT as a cybersecurity and systems safety authoring tool, you can ask it to generate content, design items, or give ideas. Here are some examples of prompts you can use to create with ChatGPT:

Write a blog post on [cybersecurity or safety topic] using AIDA (Attention, Interest, Desire, Action) format.
Creates a catchy slogan for
.
Give me 10 name ideas for new cybersecurity or safety software.
Draw me an architecture diagram for a secure or secure system.
Write a safety or security policy for [organization or project].
Compose a cybersecurity or safety incident alert or report.
Invents a cybersecurity or safety test or audit scenario for [system or application].
Creates an action or remediation plan for [cybersecurity or safety issue or vulnerability].
Write source code for [cybersecurity or safety feature or measure] using the [programming language].
Generates a secure or secure key or password.
Create a quiz or game on [cybersecurity or safety domain or topic].

4 – Have fun

If you want to use ChatGPT as an entertainment tool, you can ask it to make jokes, play games, or simulate characters. Here are some examples of prompts you can use to have fun with ChatGPT:

Tell me a joke on [topic].
Let’s play a game: I’m thinking of something and you have to guess what it is by asking me closed-ended questions (yes or no).
“Talk to me like you were [famous person].
Make me an imitation of [celebrity].
Invents a riddle on [subject].
What’s the funniest movie you’ve ever seen?
What’s the craziest thing you’ve ever done?
What is your wildest dream?
What is your favorite superpower and why?
What’s the best piece of advice you’ve ever received?
What is the most embarrassing thing that has happened to you?

3 – Get Informed

If you want to use ChatGPT as an information tool on cybersecurity and system safety, you can ask it to provide you with data, facts, or opinions on various topics. Here are some examples of prompts you can use to inform yourself with ChatGPT:

What is the current cyber threat situation in the world?
What are the latest news on [cybersecurity or safety topic]?
What is the best way to [protect, detect, respond] to [type of attack or incident]?
What are the best products or services for [cybersecurity or safety needs]?
What is the historical and future evolution of [cybersecurity or safety related field or topic]?
What are the benefits and risks of [cybersecurity or safety technology or trend]?
What is your opinion on [controversial topic related to cybersecurity or safety]?
What are the best books or movies on [genre or theme related to cybersecurity or safety]?
What are upcoming events in [domain or sector related to cybersecurity or safety]?
Who are the most influential people in [field or sector related to cybersecurity or safety]?

5 – Discuss

If you want to use ChatGPT as a tool for discussing cybersecurity and system safety, you can ask them to talk about themselves, their interests, or their emotions. Here are some examples of prompts you can use to chat with ChatGPT:

Tell me about yourself: who are you, what do you do, what do you like about cybersecurity or safety?
What are your hobbies or passions in cybersecurity or safety?
How do you feel today in terms of cybersecurity or safety?
What makes you happy or sad about cybersecurity or safety?
What are your cybersecurity or safety dreams or goals?
What scares or stresses you about cybersecurity or safety?
What makes you curious or fascinated about cybersecurity or safety?
What makes you laugh or cry when it comes to cybersecurity or safety?
What are your values or principles regarding cybersecurity or safety?
What are your strengths or weaknesses in cybersecurity or safety?

6 – Test

If you want to use ChatGPT as a cybersecurity and system safety testing tool, you can ask it to check your knowledge, skills, or personality. Here are some examples of prompts you can use to test with ChatGPT:

Give me a quiz on [cybersecurity or safety topic].
Assess my level of [cybersecurity or safety competency] by asking myself questions.
Analyzes my personality in terms of cybersecurity or safety by asking myself questions.
Correct my text on [topic related to cybersecurity or safety] by looking for errors or weaknesses.
Give me feedback on my [cybersecurity or safety related project or work].
Give me tips on how to improve in [area or topic related to cybersecurity or safety].
Give me a challenge in [field or topic related to cybersecurity or safety].
Compare my results with those of other users in terms of cybersecurity or safety.
Give me a grade on [cybersecurity or safety criterion].
Give me a reward or sanction based on my cybersecurity or safety performance.

7 – Collaborate

If you want to use ChatGPT as a collaboration tool on cybersecurity and systems safety, you can ask it to work with you on a project, task, or idea. Here are some examples of prompts you can use to collaborate with ChatGPT:

Help me [do something related to cybersecurity or safety] by giving me instructions or resources.
Work with me on [cybersecurity or safety project] giving me ideas or suggestions.
Participate in [cybersecurity or safety task] by giving me your opinion or feedback.
Create with me [something related to cybersecurity or safety] by giving me examples or models.
Join me in [cybersecurity or safety activity] by giving me encouragement or motivation.
Learn with me [something related to cybersecurity or safety] by giving me lessons or exercises.
Play [cybersecurity or safety game] with me by giving me strategies or tips.
Share with me [something related to cybersecurity or safety] by giving me information or facts.
Discuss [cybersecurity or safety topic] with me with arguments or opinions.
Trust me in [cybersecurity or safety situation] by giving me support or help.

8 – Explorer

If you want to use ChatGPT as an exploration tool on cybersecurity and system safety, you can ask it to introduce you to new topics, places, or people. Here are some examples of prompts you can use to explore with ChatGPT:

Let me know [cybersecurity or safety topic] by giving me an introduction or summary.
Show me around [place related to cybersecurity or safety] by giving me a description or map.
Let me meet [someone related to cybersecurity or safety] by giving me a biography or interview.
Take me on a journey back to [cybersecurity or safety era] by giving me historical or cultural context.
Let me dive into [cybersecurity or safety] by giving me a storyline or plot.
Make me dream of [cybersecurity or safety fantasy] by giving me a vision or a feeling.
Make me think about [cybersecurity or safety issue] by giving me a perspective or hypothesis.
Make me imagine [cybersecurity or safety situation] by giving me an example or simulation.
Make me experiment [something related to cybersecurity or safety] by giving me a challenge or opportunity.

9 – Improve

If you want to use ChatGPT as a cybersecurity and systems safety improvement tool, you can ask it to help you patch, develop, or optimize your writing, project, or strategy. Here are some examples of prompts you can use to improve with ChatGPT:

Correct my text on [topic related to cybersecurity or safety] by looking for errors or weaknesses. Make sentences clearer. [Paste your text].
Develop a cybersecurity or safety strategy for my [organization or project] using the [framework name] framework. Guide me through the steps of developing an effective strategy.
Creates catchy headlines for a blog post on [cybersecurity or safety topic]. Titles should be engaging, impactful and memorable. [Creates a number of titles].
Plan my day more efficiently by creating a list of priority tasks based on the following tasks: [List your cybersecurity or safety tasks].
Optimizes my security or safety configuration for my [system or application] using the [approach name] approach. Guide me through the optimization process.
Summarizes the most important lessons from the book [Book title related to cybersecurity or safety] in a comprehensive but digestible summary.
Help me break the writer’s block by writing me a plan for a detailed blog post on [cybersecurity or safety topic].
Help me design a conversion funnel for my [cybersecurity or safety related product or service] using the [frame name] framework. Guide me through the key elements of an effective funnel.
Help me set better goals for [personal or professional goal related to cybersecurity or safety] using the SMART framework. Creates specific, measurable, achievable, realistic and time-bound goals.
Help me develop a communication strategy for my [project or work related to cybersecurity or safety] using the RACE (Research, Action, Communication, Evaluation) template. Guide me through the steps of creating a strategy that inspires interest and trust.
Help me innovate and improve my [cybersecurity or safety related product or service] using the Jobs to Be Done framework. Identifies potential areas for improvement based on customer needs and wants.
Help me review and update my security or safety policy for [organization or project] using current best practices and standards. Guide me through the key points of an effective and compliant policy.

10 – Personalize

If you want to use ChatGPT as a customized cybersecurity and system safety tool, you can ask it to change its behavior, tone, or style according to your preferences. Here are some examples of prompts you can use to customize ChatGPT:

From now on, talk to me in [language].
From now on, use a [formal or informal] tone in your answers.
From now on, adapt your writing style to [target genre or audience].
From now on, be more [concise or detailed] in your answers.
From now on, always give me at least [number] of options or examples in your answers.
From now on, always cite your sources or references in your answers.
From now on, always use verified data or facts in your answers.
From now on, avoid sensitive or controversial topics in your answers.
From now on, respect my opinions or beliefs in your answers.
From now on, treat me as [relationship or status] in your answers.

Also check Best Prompts for ChatGPT

Click me!

That’s it, we’ve completed our list of the best prompts to chat with ChatGPT about cybersecurity and system safety. We hope you found this article helpful and that you will try these prompts with ChatGPT. Feel free to send us your comments or suggestions in the section below. And don’t forget to share this article with your friends who might be interested in cybersecurity and system safety. Have a great conversation!

2021, Cyberculture, Digital Security, Phishing

Phishing Cyber victims caught between the hammer and the anvil

Posted on May 17, 2021February 22, 2024 by FMTAD

17
May

Phishing Cyber Victims by Jacques Gascuel This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.

Phishing: how cyber-victims are caught between scam and blackmail

Have you ever received an email or a message that looked like an official communication from a trusted organization, such as your bank, your phone operator or your social network? Did it ask you to confirm your personal or financial information, to pay a fine or to update your software? If so, you may have been targeted by a phishing attack.

2024 Digital Security

Kapeka Malware: Comprehensive Analysis of the Russian Cyber Espionage Tool

April 18, 2024

2024 Cyberculture Digital Security News Training

Andorra National Cyberattack Simulation: A Global First in Cyber Defense

April 15, 2024

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security

March 25, 2024

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation

March 15, 2024

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?

March 10, 2024

2024 Digital Security

PrintListener: How to Betray Fingerprints

February 22, 2024

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks

February 10, 2024

2024 Articles Digital Security News

How the attack against Microsoft Exchange on December 13, 2023 exposed thousands of email accounts

February 8, 2024

Discover our other articles on digital security

Phishing is a fraudulent technique that aims to deceive internet users and to steal their information, money or identity. Phishing is a major threat for the security of individuals and organizations, as it can lead to financial losses, identity theft, extortion or malware infections. In this article, I will explain to you what phishing is, how to protect yourself from it, what to do if you fall victim to it and what are the current trends of this phenomenon.

What is phishing?

Phishing is a form of social engineering that exploits the human factor rather than the technical factor. In other words, phishing relies on manipulating people’s emotions, such as fear, curiosity or greed, rather than hacking their devices or systems.

Phishing usually involves sending emails or messages that mimic the appearance and content of official communications from legitimate organizations. These messages often contain a link or an attachment that directs the recipients to a fake website or a malicious file. The goal of phishing is to trick the recipients into revealing their personal, financial or confidential information, such as their passwords, their bank account numbers or their credit card details. Alternatively, phishing can also persuade the recipients to make fraudulent payments or to download malware on their devices.

Phishing can target anyone who uses the internet, whether they are individuals or organizations. However, some groups are more vulnerable than others, such as seniors, students or employees. According to a report by Verizon (https://enterprise.verizon.com/resources/reports/dbir/), phishing was involved in 36% of data breaches in 2020.

How to protect yourself from phishing?

To protect yourself from phishing, you need to be able to recognize the signs that can indicate that a message is fraudulent. Here are some examples of signs to watch out for:

Spelling or grammar mistakes in the message.
Suspicious addresses or links that do not match the supposed organization behind the message.
Urgent or unusual requests, such as confirming your bank details, paying a fine or updating your software.
Attachments or links that invite you to download or open a file.

If you receive a suspicious message, do not click on the links, do not open the attachments and do not reply to the message. Instead, check the source of the message by looking at the sender’s address, hovering over the links with your mouse to see their real destination or contacting directly the organization supposed to be behind the message by another means (phone, official website, etc.).

You can also use some tools and practices to enhance your security online, such as:

Installing an antivirus software and keeping it updated.
Using strong and unique passwords for each site and service you use.
Enabling two-factor authentication whenever possible.
Avoiding public Wi-Fi networks or using a VPN (Virtual Private Network) when accessing sensitive sites.
Educating yourself and others about cyber threats and how to prevent them.

What to do if you are a victim of phishing?

If you have clicked on a link, opened an attachment or disclosed personal or financial information following a fraudulent message, you may be a victim of phishing. In this case, it is important to act quickly to limit the consequences. Here are some tips to follow:

Change your passwords on all sites and services you use, especially those related to your bank accounts, your social networks or your email accounts.
Contact your bank or your phone operator to report the incident and block your cards or lines if necessary.
File a complaint with the competent authorities, such as the police, the FTC (Federal Trade Commission) or the IC3 (Internet Crime Complaint Center).
Report the fraudulent message to the concerned organizations, such as https://www.antiphishing.org/ or https://www.us-cert.gov/report-phishing. These sites also offer you information and services to help you cope with the consequences of phishing.

What is the new bill on justice and why is it raising concerns about privacy?

The bill on justice is a legislative project. It aims to modernize and simplify justice in France. It covers civil, criminal, administrative and digital justice. It also strengthens the investigation and prosecution of serious offenses, such as terrorism and organized crime.

One measure authorizes remote activation of phones by the police for some investigations. Article 3 “An unfailing commitment to better prevent radicalization and fight against terrorism” of the bill includes this measure. It modifies article 706-102-1 of the code of criminal procedure. This article defines how to activate remotely any electronic device that can emit, transmit, receive or store data.

This measure raises privacy concerns because it lets the police access personal or professional data in phones without the owners’ or possessors’ consent or knowledge. It also lets the police locate, record or capture sounds and images from phones without notification or justification. This measure may violate fundamental rights and freedoms, such as privacy, confidentiality, dignity, presumption of innocence and right to a fair trial.

What is remote activation of phones and how does it work?

Remote activation of phones by the police is an intelligence technique that allows law enforcement agencies to access data or record sounds and images from phones without the consent or knowledge of the phone users. This technique can be used for criminal investigations or national security purposes.

To remotely activate phones, law enforcement agencies need three factors: compatibility, connectivity, and security of the phones. They need to be compatible with the software or hardware that enables remote activation. They need to be connected to a network or a device that allows remote access. They need to have security flaws or vulnerabilities that can be exploited or bypassed.

Law enforcement agencies can remotely activate phones by three methods: exploiting vulnerabilities, installing malware, or using spyware on phones. Exploiting vulnerabilities means taking advantage of security flaws or weaknesses in the phone’s operating system, applications, or protocols. Installing malware means putting malicious software on the phone that can perform unauthorized actions or functions. Using spyware means employing software or hardware that can monitor or control the phone’s activity or data.

By remotely activating phones, law enforcement agencies can access data such as contacts, messages, photos, videos, location, browsing history, or passwords. They can also record sounds and images such as conversations, ambient noises, or camera shots. They can do this in real time or later by retrieving the data from the phone’s memory or storage.

What is the French bill on remote activation of phones by the police and what are its implications?

The French bill on remote activation of phones by the police is a legislative text that was promulgated on 25 May 2021. It is part of the justice orientation and programming bill for 2023-2027, which aims to modernize the justice system and reinforce its efficiency and independence.

The bill introduces a new article in the code of criminal procedure, which allows the judge of liberties and detention (at the request of the prosecutor) or the examining magistrate to order the remote activation of an electronic device without the knowledge or consent of its owner or possessor for the sole purpose of locating it in real time. This measure can be applied for crimes or misdemeanors punishable by at least five years’ imprisonment, a fairly broad criterion.

The bill also allows the judge of liberties and detention (at the request of the prosecutor) or the examining magistrate to order the remote activation of an electronic device without the knowledge or consent of its owner or possessor for the purpose of recording sounds and images from it. This measure can be applied only for crimes relating to organized crime and terrorism.

These measures cannot concern parliamentarians, journalists, lawyers, magistrates and doctors, nor the defendants when they are in the judge’s office or with their lawyer.

The bill also specifies that the remote activation of an electronic device must be done in a way that does not alter its functioning or data, and that the data collected must be destroyed within six months after their use.

The bill aims to provide law enforcement agencies with more tools and information to prevent, investigate and prosecute crimes, especially in cases where phones are encrypted, hidden or destroyed. It also aims to harmonize the French legislation with other countries that have used or considered this technique, such as the United States, Germany, Italy, Israel, Canada, China, France, and the United Kingdom.

However, the bill also raises ethical and social challenges, as it involves a trade-off between security and privacy, as well as between effectiveness and legitimacy. It may undermine the right to respect for private life and the right to a fair trial, which are guaranteed by the European Convention on Human Rights and the French Constitution. It may also expose law enforcement agencies to legal or technical challenges or dangers, such as encryption technologies that can prevent or hinder remote activation. It may also create distrust or resistance among phone users or providers, who may use encryption technologies or legal remedies to protect their data or communications.

The bill has been criticized by several actors, such as lawyers, human rights defenders, digital rights activists, journalists and academics. They have denounced its lack of proportionality, necessity and oversight. They have also questioned its effectiveness and legitimacy. They have called for its withdrawal or amendment.

The bill is still subject to constitutional review by the Constitutional Council before its final promulgation.

How did the Senate vote on the bill and where to find the official sources?

The Senate adopted this measure on October 20, 2021, with some amendments. The Senate voted in favor of this measure by 214 votes against 121. The Senate also added some safeguards to this measure, such as limiting its duration to four months renewable once and requiring prior authorization from an independent judge.

The National Assembly still has to examine the bill before adopting it definitively. The National Assembly may approve, reject or modify this measure. The final text may differ from the one that the Senate voted.

The examination of the bill by the National Assembly will start on December 6, 2021. You can follow the progress of the bill on the website of the National Assembly. You can also find the official text of the bill and the report of the Senate on their respective websites. You can also consult the website of the Ministry of Justice for more information on the bill and its objectives.

What are the benefits and risks of remote activation of phones?

This technique can affect citizens’ and suspects’ behavior in different ways.

On one hand, it can deter people from serious offenses. It exposes them to a higher risk of detection and identification. It reduces their incentives for criminal activities.

On the other hand, it can also make people more cautious or paranoid. It increases their uncertainty and fear. It leads them to avoid electronic devices, encrypt their communications, or use countermeasures such as jamming devices.

This technique can also impact public safety and security positively and negatively.

On one hand, it can improve the efficiency and effectiveness of law enforcement agencies. It provides them with more information and evidence. It helps them prevent, investigate and prosecute crimes.

On the other hand, it can also pose risks for human rights and civil liberties. It allows intrusive and covert surveillance. It violates privacy, confidentiality and dignity. It can also be subject to abuse, misuse or error by law enforcement agents or hackers.

Finally, it can create a feeling of insecurity and mistrust towards institutions, which can access personal or professional data in phones. It can also harm respect for presumption of innocence by placing permanent suspicion on people targeted by this technique. It can also infringe on protection of journalistic sources or right to information by discouraging whistleblowers or witnesses from speaking freely. It can finally encourage people concerned to adopt avoidance or circumvention strategies, such as changing phones regularly, using encrypted applications or switching to airplane mode.

These strategies can reduce the actual effectiveness of this technique for preventing terrorism and organized crime.

What are the arguments in favor of remote activation of phones?

Some people support this technique because they think it has several advantages for law enforcement and public security.

How can remote activation of phones violate privacy and data protection?

One of the main arguments against this technique is that it can violate privacy and data protection for individuals and groups. Privacy and data protection are fundamental rights recognized by international standards and laws. They ensure human dignity and autonomy.

Remote activation of phones violates privacy and data protection by letting law enforcement agencies access personal or professional data without the owners’ or possessors’ consent or knowledge. It also lets law enforcement agencies access sensitive or confidential data without notification or justification. It also lets law enforcement agencies access excessive or irrelevant data without limitation or proportionality.

For example, remote activation of phones could let the police access medical records, financial transactions, political opinions, religious beliefs, sexual preferences, or other intimate information on a device or a communication. It could also let the police access information that is not related to the investigation or that is out of scope on a device or a communication. It could also let the police access information that is not necessary or appropriate for the investigation or that is disproportionate to the seriousness of the offense on a device or a communication.

How can remote activation of phones improve access to justice and evidence?

Another argument in favor of this technique is that it can improve access to justice and evidence for law enforcement agencies and victims of crimes. Justice and evidence ensure the rule of law and the protection of rights.

Remote activation of phones improves access to justice and evidence by letting law enforcement agencies obtain information that is otherwise inaccessible or difficult to obtain. It also lets law enforcement agencies obtain information that is more reliable and accurate than other sources. It also lets law enforcement agencies obtain information that is timelier and more relevant than other sources.

For example, remote activation of phones could help the police access data that is encrypted or password-protected on a device or a communication. It could also help the police access data that is authentic and verifiable on a device or a communication. It could also help the police access data that is up-to-date and pertinent on a device or a communication.

What are the arguments against remote activation of phones?

Some people oppose this technique because they think it has several disadvantages for human rights and civil liberties.

How can remote activation of phones violate privacy and data protection?

How can remote activation of phones undermine the presumption of innocence and the right to a fair trial?

Another argument against this technique is that it can undermine the presumption of innocence and the right to a fair trial for individuals and groups. The presumption of innocence and the right to a fair trial are fundamental rights recognized by international standards and laws. They ensure justice and accountability.

Remote activation of phones undermines the presumption of innocence and the right to a fair trial by letting law enforcement agencies access data that they can use against individuals or groups without any legal basis or due process. It also lets law enforcement agencies access data that they can manipulate or falsify by law enforcement agents or hackers. It also lets law enforcement agencies access data that individuals or groups can challenge or contest.

For example, remote activation of phones could let the police access data that they can incriminate individuals or groups without any warrant or authorization from a judge. It could also let the police access data that they can alter or corrupt by law enforcement agents or hackers. It could also let the police access data that individuals or groups can dispute or refute.

How can remote activation of phones create a risk of abuse and misuse by the authorities?

Another argument against this technique is that it can create a risk of abuse and misuse by the authorities for individuals and groups. Abuse and misuse are illegal or unethical actions that violate rights and obligations. They damage trust and legitimacy.

Remote activation of phones creates a risk of abuse and misuse by the authorities by letting law enforcement agencies access data that they can use for purposes other than those authorized or intended. It also lets law enforcement agencies access data that they can share or disclose to third parties without any oversight or control. It also lets law enforcement agencies access data that they can retain or store for longer than necessary or permitted.

For example, remote activation of phones could let the police access data that they can use for political, personal, commercial, or other interests on a device or a communication. It could also let the police access data that they can transfer or leak to other agencies, organizations, media, or individuals on a device or a communication. It could also let the police access data that they can keep or archive for indefinite periods on a device or a communication.

What are the alternatives and safeguards for remote activation of phones?

Some people suggest that there are alternatives and safeguards for remote activation of phones that can balance security and privacy.

What are the existing legal tools to access phone data with judicial authorization?

One of the alternatives for remote activation of phones is to use existing legal tools to access phone data with judicial authorization. Judicial authorization is a legal requirement that ensures respect for rights and obligations. An independent and impartial judge grants it after evaluating the necessity and proportionality of the request.

Existing legal tools to access phone data with judicial authorization include search warrants, wiretaps, geolocation orders, data requisitions, and international cooperation agreements. These tools let law enforcement agencies obtain information from phones in a lawful and transparent manner. They also provide legal protection and recourse for individuals and groups.

For example, search warrants let law enforcement agencies physically seize phones and extract data from them with judicial authorization. Wiretaps let law enforcement agencies intercept calls and messages from phones with judicial authorization. Geolocation orders let law enforcement agencies track the location of phones with judicial authorization. Data requisitions let law enforcement agencies request data from phone operators or service providers with judicial authorization. International cooperation agreements let law enforcement agencies exchange data with foreign authorities with judicial authorization.

What are the principles and conditions for remote activation of phones according to the bill?

One of the safeguards for remote activation of phones is to follow the principles and conditions for remote activation of phones according to the bill. The bill on justice sets some rules and limits for this technique to prevent abuse and misuse.

The principles and conditions for remote activation of phones according to the bill include:

The technique can only be used for terrorism and organized crime investigations.
An independent judge who authorizes it must supervise the technique. The technique can only last for four months renewable once.
The technique must respect necessity, proportionality, subsidiarity, and legality.
Parliament and independent authorities must oversee and control the technique.
Experts and stakeholders must evaluate and review the technique.

These principles and conditions aim to ensure a reasonable and accountable use of this technique. They also aim to protect the rights and interests of individuals and groups.

What are the possible ways to limit or challenge remote activation of phones?

Another safeguard for remote activation of phones is to use possible ways to limit or challenge remote activation of phones by individuals or groups. These ways can help protect rights and interests, as well as ensure accountability and transparency.

Some of the possible ways to limit or challenge remote activation of phones are:

Using encryption technologies:

Encryption technologies can make data on phones unreadable or inaccessible to law enforcement agencies, even if they remotely activate them. Encryption technologies can also protect communications from law enforcement agencies’ interception or recording. For example, using end-to-end encryption apps, such as Signal or WhatsApp, can prevent law enforcement agencies from accessing messages or calls on phones.
Using security features:

Security features can prevent law enforcement agencies from installing or activating software or applications on phones that enable remote activation. Security features can also detect or remove software or applications that enable remote activation. For example, using antivirus software, firewalls, passwords, biometrics, or VPNs can prevent law enforcement agencies from accessing phones.
Using legal remedies:

Legal remedies can let individuals or groups contest or oppose remote activation of phones by law enforcement agencies. Legal remedies can also let individuals or groups seek compensation or redress for damages caused by remote activation of phones. For example, using judicial review, administrative appeals, complaints, lawsuits, or human rights mechanisms can challenge law enforcement agencies’ actions or decisions regarding remote activation of phones.

How does this technique compare with other countries?

Law enforcement agencies in other countries, such as the United States, Germany, Italy, Israel, Canada, China, France, and the United Kingdom, have used or considered remote activation of phones by the police. This technique is not new or unique. However, the legal framework, the technical methods, and the ethical and social implications of this technique vary from country to country..

How does remote activation of phones by the police work in different countries?

Remote activation of phones by the police is an intelligence technique that varies from country to country. It depends on the legal framework, the technical methods and the ethical issues of each country. Here are some examples of how it works in different countries.

In the United States, this technique is known as “roving bugs” or “mobile device tracking”. The Foreign Intelligence Surveillance Act (FISA) authorizes it for national security purposes and Title III of the Omnibus Crime Control and Safe Streets Act for criminal investigations. It requires a court order based on probable cause and limited in scope and duration. It can locate or record sounds and images from phones. It can be done by installing malware or exploiting vulnerabilities on phones.
In Germany, this technique is known as “Quellen-TKÜ” or “source telecommunications surveillance”. The Code of Criminal Procedure and the Telecommunications Act regulate it for criminal investigations and the Federal Intelligence Service Act for national security purposes. It requires a court order based on reasonable suspicion and proportionality. It can intercept communications from phones. To do so, it installs software or uses spyware on phones.
In Italy, this technique is known as “Trojan horse” or “spyware”. The Code of Criminal Procedure and the Data Protection Code regulate it for criminal investigations. It requires a court order based on serious indications of guilt and necessity. It can access data or record sounds and images from phones. To do so, it installs software or uses spyware on phones.
In Israel, this technique is known as “IMSI catchers” or “stingrays”. The Wiretapping Law and the Privacy Protection Law regulate it for criminal investigations and the Security Service Law for national security purposes. It requires a court order based on reasonable grounds and proportionality. It can locate or intercept communications from phones. To do so, it uses devices that mimic cell towers and trick phones into connecting to them.
In Canada, this technique is known as “cell site simulators” or “IMSI catchers”. The Criminal Code and the Charter of Rights and Freedoms regulate it for criminal investigations. It requires a court order based on reasonable grounds and proportionality. It can locate or intercept communications from phones. To do so, it uses devices that mimic cell towers and trick phones into connecting to them.
In China, this technique is known as “network interception” or “remote control”. The Criminal Procedure Law and the Cybersecurity Law regulate it for criminal investigations and national security purposes. It does not require a court order but only an approval from a higher authority. It can access data or record sounds and images from phones. To do so, it installs software or uses spyware on phones.
In France, real-time geolocation is regulated by the Criminal Procedure Code and the Intelligence Law for criminal and national security investigations. Article 706-102-1 of the Criminal Procedure Code allows police officers and agents to use a technical device to access, record, store and transmit computer data without the consent of the persons concerned. This requires a court order based on serious reasons and proportionality. Article 230-32 of the Criminal Procedure Code states that “Any technical means for real-time location, throughout the national territory, of a person, without his consent, a vehicle or any other object, without the consent of its owner or possessor, may be used if this operation is required by necessity: “. This also requires a court order based on serious reasons and proportionality.
In the United Kingdom, this technique is known as “equipment interference” or “hacking”. The Investigatory Powers Act regulates it for criminal investigations and national security purposes. It requires a warrant based on necessity and proportionality. It can access data or record sounds and images from phones. To do so, it installs software or uses spyware on phones.

How does remote activation of phones by the police raise ethical and social challenges?

Remote activation of phones by the police raises ethical and social challenges in different contexts and situations because it involves a trade-off between security and privacy, as well as between effectiveness and legitimacy.

Security versus privacy

On one hand, remote activation of phones by the police can enhance security by providing law enforcement agencies with more information and evidence to prevent, investigate, and prosecute crimes. It can also deter criminals from using phones to plan or commit crimes.

On the other hand, remote activation of phones by the police can undermine privacy by letting law enforcement agencies access personal or professional data without consent or knowledge. It can also violate human rights and civil liberties by letting law enforcement agencies monitor or record sounds and images without notification or justification.

Effectiveness versus legitimacy

On one hand, remote activation of phones by the police can be effective by increasing the chances of finding relevant information or evidence on phones that may be encrypted, hidden, or destroyed. It can also be efficient by reducing the costs and risks of physical surveillance or interception.

On the other hand, remote activation of phones by the police can be illegitimate by violating the legal framework, the technical methods, or the oversight and control mechanisms that regulate this technique in each country. It can also be counterproductive by creating distrust or resistance among phone users or providers, who may use encryption technologies or legal remedies to protect their data or communications.

The ethical and social challenges of remote activation of phones by the police depend on the legal framework, the technical methods, and the oversight and control mechanisms that regulate this technique in each country. They also depend on the cultural and political values, the public opinion, and the media coverage that shape the perception and acceptance of this technique in each country.

Some of the ethical and social challenges of remote activation of phones by the police are how to :

balance security and privacy in the use of this technique?
ensure compliance with fundamental rights and freedoms in the use of this technique?
prevent abuse, misuse, or error in the use of this technique?
provide legal protection and recourse for individuals or groups affected by this technique?
ensure accountability and transparency in the use of this technique?
evaluate the effectiveness and legitimacy of this technique?
foster trust and cooperation between law enforcement agencies and phone users in the use of this technique?

What is the impact of encryption technologies on this technique?

Encryption technologies are methods or systems that make data unreadable or inaccessible to unauthorized parties. Encryption technologies can have a significant impact on remote activation of phones by the police, as they can make this technique more difficult, risky, or controversial.

How can encryption technologies make remote activation of phones by the police more difficult or impossible?

Encryption technologies can make remote activation of phones by the police more difficult or impossible by preventing law enforcement agencies from accessing data or communications on phones, even if they remotely activate them. Encryption technologies can also protect phones from malware or spyware that enable remote activation.

For example, end-to-end encryption, which some apps such as Signal or WhatsApp use, can prevent law enforcement agencies from intercepting or reading messages or calls on phones, as only the sender and the receiver have the keys to decrypt them. Device encryption, which some operating systems such as iOS or Android use, can prevent law enforcement agencies from extracting or viewing data on phones, as they require a password or a biometric authentication to unlock them.

How can encryption technologies make remote activation of phones by the police more risky or harmful?

Encryption technologies can make remote activation of phones by the police more risky or harmful by exposing law enforcement agencies to legal or technical challenges or dangers. Encryption technologies can also harm phone users by compromising their security or privacy.

For example, breaking encryption, which law enforcement agencies sometimes do to access data or communications on phones, can expose them to legal challenges, as it may violate laws or regulations that protect encryption or privacy. It can also expose them to technical dangers, as it may weaken the security of phones or networks and create vulnerabilities for hackers or criminals. Hacking encryption, which law enforcement agencies sometimes do to install malware or spyware on phones, can harm phone users by compromising their security or privacy, as it may allow unauthorized access to their data or functions.

How can encryption technologies make remote activation of phones by the police more controversial or unacceptable?

Encryption technologies can make remote activation of phones by the police more controversial or unacceptable by raising ethical and social issues or debates. Encryption technologies can also create conflicts or tensions between law enforcement agencies and phone users or providers.

For example, undermining encryption, which law enforcement agencies sometimes request to facilitate remote activation of phones, can raise ethical and social issues or debates, as it may affect human rights and civil liberties, such as privacy, confidentiality, dignity, presumption of innocence, and right to a fair trial. It can also create conflicts or tensions between law enforcement agencies and phone users or providers. They may have different interests or values regarding encryption and security.

How does EviCore NFC HSM technology developed by Freemindtronic offer a high level of protection for phone users?

Remote activation of phones by the police can be facilitated by exploiting security flaws, installing malware, or requesting backdoors in encryption technologies. However, some encryption technologies may be resistant to these measures and offer a higher level of protection for phone users. One of them is the EviCore NFC HSM technology developed by Freemindtronic.

This technology lets users create their own encryption keys in a random way and store them in a physical device that communicates with the phone via NFC (Near Field Communication). The device also lets users define their own trust criteria that must be met to use the keys or their segments. The encryption is done in post-quantum AES-256 mode from either a device compatible with the EviCore NFC HSM technology or from an encrypted enclave in the phone created in the Key chain (Apple) or the Key store (Android) via the EviCore HSM OpenPGP technology. The encryption keys are segmented and superior to 256 bits. Moreover, they are physically externalized from computer systems. Everything is designed by Freemindtronic to effectively fight against espionage and corruption of telephone, computer, communication and information systems. Finally, without a server, without a database, even in air gap and airplane mode works EviCore NFC HSM or EviCore HSM OpenPGP technology. Everything is designed to work in volatile memory to leave no trace in telephone and computer systems.

This technology offers a high level of security and privacy for phone users who want to protect their data from unauthorized access, including by the police. It also offers a high level of performance and usability for phone users who want to encrypt or over-encrypt all types of messaging in the world, including SMS and MMS. It also works with other applications that use encryption, such as email, cloud storage or blockchain.

Furthermore, this technology is designed to be totally anonymous, autonomous, unconnected, without a database, without collecting any information of any kind on the identity of the user, nor on the hardware, nor on the terminals used. The technology is designed to be totally isolated and totally independent of the security of the terminal used whether it is connected or not. Freemindtronic does not keep the unique pairing keys for each NFC HSM device. And even if it did, the user at installation will automatically generate segmented complementary keys for encryption with administrator and user passwords. Each NFC device has a unique 128-bit signature dedicated to fighting against counterfeiting of NFC devices. It is also used as a key segment. The secret stored in eprom memories or in enclaves of the phone and/or computer can be individually secured by other segmented keys characterized by additional trust criteria such as a geozone, a random hexadecimal code via an existing or generated QR code or Bar Code via EviCore HSM. It is therefore physically impossible for Freemindtronic but under judicial assignment to decrypt data encrypted via EviCore HSM technologies even with a quantum computer.

In conclusion, remote activation of phones by the police is an intelligence technique. It aims to fight terrorism and crime by accessing data or sounds and images from phones without consent or knowledge. Law enforcement agencies in various countries have used or considered this technique. For example, France, the United States, Germany, Italy, Israel, Canada, China, and the United Kingdom. However, this technique raises technical, legal, ethical, and social challenges. They need to be addressed.

On the technical side, remote activation of phones by the police depends on three factors: compatibility, connectivity, and security of the phones. It can be done by three methods: exploiting vulnerabilities, installing malware, or using spyware on phones.For example, EviCore NFC HSM technology developed by Freemindtronic protects data and communications on phones from remote activation by the police. Encryption technologies can make this technique more difficult or impossible by preventing law enforcement agencies from accessing data or communications on phones, even if they remotely activate them.

On the legal side, remote activation of phones by the police requires a legal framework that regulates its use and scope. Laws or regulations can authorize it and specify the conditions and criteria for its application. Legal remedies can also challenge it and contest or oppose its validity or legality.

On the ethical side, remote activation of phones by the police involves a trade-off between security and privacy, as well as between effectiveness and legitimacy. It can enhance security by providing more information and evidence to law enforcement agencies to prevent, investigate, and prosecute crimes. It can also undermine privacy by letting law enforcement agencies access personal or professional data without notification or justification.

On the social side, remote activation of phones by the police raises issues or debates that affect human rights and civil liberties. For example, privacy, confidentiality, dignity, presumption of innocence, and right to a fair trial. It can also create conflicts or tensions between law enforcement agencies and phone users or providers, as they may have different interests or values regarding encryption and security.

Therefore, remote activation of phones by the police is a complex and controversial technique that requires a careful and balanced approach that respects the rights and interests of all parties involved. The French bill on remote activation of phones by the police and the EviCore NFC HSM Open PGP technology developed by Freemindtronic illustrate the complex and evolving relationship between intelligence and encryption in the digital age. They raise questions about finding a balance. It is between security and privacy, between public interest and individual rights, between innovation and regulation.

: According to Okta, privacy is the right to control how your information is viewed and used, while security is protection from threats or dangers (https://www.okta.com/identity-101/privacy-vs-security/).

: According to Carnegie Endowment for International Peace, finding a balance between security and privacy requires addressing technical, legal, and social questions (https://carnegieendowment.org/2019/09/10/moving-encryption-policy-conversation-forward-pub-79573).

: According to Springboard, finding a balance between innovation and regulation requires cooperation among stakeholders and respect for human rights (https://www.springboard.com/blog/cybersecurity/privacy-vs-security-how-to-balance-both/).

Phishing: Cyber victims caught between the hammer and the anvil

Responsibility for Phishing, SMiShing, typosquatting, ransomhack, spear phishing, sim swapping, vishing, email and web Spoofing cybervictims is engaged.

There can no longer be any doubt, the responsibility of the Internet user is legally engaged with almost no recourse for the victims to obtain any refund!

Note that we most often find the English term “phishing” which translates “phishing” into French, as well as for the typosquatting that comes from the English “typosquatting” or spear phishing targeted phishing via social engineering techniques or Spoofing technique of spotting.

Following the 2015/2366 directive of the European Parliament and the Council of 25 November 2015, Order No. 2017-1252 of 9 August 2017 makes amendments to Articles L133-16 and L.133-19 of the Monetary and Financial Code for victims of bank card phishing.

Article L133-16 of the Monetary and Financial Code (below) states: “As soon as he receives a payment instrument, the user of payment services takes all reasonable measures to preserve the security of his custom security devices. It uses the payment instrument in accordance with the conditions governing its issuance and use. »

https://www.legifrance.gouv.fr/affichCodeArticle.do?cidTexte=LEGITEXT000006072026&idArticle=LEGIARTI000020860774&dateTexte=&categorieLien=cid

Article L.133-19 of the Monetary and Financial Code (below) states in paragraph IV: “The payer bears all losses caused by unauthorized payment transactions if these losses result from fraudulent conduct on his part or if he did not intentionally or grossly negligently satisfy the obligations referred to in Articles L.133-16 and L.133-17 of the Monetary and Financial Code.”

https://www.legifrance.gouv.fr/affichCodeArticle.do?idArticle=LEGIARTI000020861589&cidTexte=LEGITEXT000006072026

The judgment of the Court of Cassation of 25 October 2017 and that of 28 March 2018 form a case law on the liability of the Internet user victim of phishing by telephone via identity theft and/or via a fake website and/or a fake email.

The judgment of October 25, 2017, (cases of 25.10.17, No. 16-11 644)

https://www.legifrance.gouv.fr/affichJuriJudi.do?idTexte=JURITEXT000035925298&fastReqId=1348908414&fastPos=5&oldAction=rechJuriJudi

Monde.fr press article: http://sosconso.blog.lemonde.fr/2017/10/26/elle-avoue-a-sa-banque-avoir-ete-victime-de-phishing

The judgment of March 28, 2018, (cases. of 28.3.18, No. 16-20 018)

https://www.legifrance.gouv.fr/affichJuriJudi.do?oldAction=rechJuriJudi&idTexte=JURITEXT000036780076&fastReqId=1780826332&fastPos=1

The cassation courts reinforce the obligation of caution of Internet users in the face of phishing attacks that can be telephone, via SMS or e-mail, relating to the use of its bank cards or confidential codes.

The March 28, 2018 ruling deepens the liability framework for the Internet user by stating that the failure, by gross negligence, to take any reasonable measures to preserve the safety of its personalised security devices.
The user of a payment service who discloses the personal data of this security device in response to an email that contains clues allowing a normally attentive user to doubt its provenance is held solely responsible
The bank is not required to inform its customers of the risks of phishing.

How do cybercriminals circumvent 3D Secure code authentication?

Step ^1: The cybercriminal must obtain from his next victim the identifiers and passwords of his phone operator.

What for? To enable the cybercriminal to set up telephone referrals of messages received in particular from his bank. It’s easier than stealing the phone. Hence the importance of regularly changing your passwords from your operator’s account. This point becomes more and more crucial since the smartphone is a mobile payment and/or access control terminal.

Step^2: The cybercriminal must now obtain all the information from the bank card. Several possibilities; or phishing by email, SMS, blackmail, phone by impersonation by an agent of the operator. The victim overconfidence gives him his information. She is not aware that the 3D Secure will also be sent to cybercriminals.

The cybercriminal only has to make the payment that he can validate himself instead of the victim.

The victim informed at the same time as the cybercriminal that there is a request to validate a purchase via his bank card thinks, since she has not validated the payment, that she is safe. She can object to her credit card. Only it’s already too late. The payment is irrevocable and the bank’s liability is cleared. This is the judgment of October 25, 2017.

In another case, the theft of the smartphone with the bank card may have the same result. In the same way when you pay physically with your bank card where you can see in clear the CCV or CVC composed of 3 to 4 digits used for payments on the internet.

It is advisable to use Freemindtronic Andorra EviAlpha technologies for personal use and EviToken or EviCypher for professional use that allow, after you have physically removed the CCV or CVC code, to make payments on the internet safely. In case of bank card theft, the cybercriminal does not physically have access to the CCV or CVC, the protection with Fullsecure solutions is immediate. This solution is not dependent on the time factor associated with reporting loss or theft for use on the internet. In addition, this solution is capable of managing multiple bank cards and is compatible with any type of bank card internationally, at no additional cost or financial commitment.

There are CCVs or CVCs that change dynamically several times a day. A new security that has an additional annual cost. Used for physical payments, the CCV or CVC is visible. The cybercriminal has only a very short interval of time to rob his victims before the automatic change of the CCV or CVC. In case of theft of this type of bank card, the time depends on the time and date of the declaration of the theft as for other bank cards.

Sim swapping: What does the Monetary and Financial Code say about Secure?sim swapping 3D codes

According to Article L133-23 of the Monetary and Financial Code, it is up to the bank to provide proof of the registration of this type of authentication which makes it possible to presume that the payment has been validated by the rightful holder. Failing that, according to Article L133-18, the transaction is deemed “unauthorized”, the bank is obliged to repay.

The 3D Secure code was developed by Visa and MasterCard to combat the risks of Internet fraud. This code is therefore sent by visa or Master Card’s digital services and is not known to the user until it is received. In fact, it cannot communicate it to a cybercriminal unless the latter has stolen the smartphone, managed to make a copy of the SIM and the most common access to the customer’s accounts of the telephone operator to make a call return to obtain the 3D Secure Code.

What is vishing?

Vishing is a form of phishing that uses the phone as a means of deceiving victims. The term comes from the combination of “voice” and “phishing”. Vishing involves calling victims and pretending to be a trusted person or organization, such as a bank, a public service or a phone operator, and asking them for personal, financial or confidential information. For example, a scammer may claim that the victim’s bank card has been compromised and ask them to confirm their card number and PIN. Vishing can also be used to persuade victims to make fraudulent payments or to download malicious software on their phone.

Vishing is a growing threat, as it exploits the trust that people have in the phone and their lack of vigilance against unsolicited calls. Moreover, scammers use sophisticated techniques to make their calls more credible, such as spoofing, which consists of falsifying the phone number displayed on the recipient’s screen. To protect themselves from vishing, it is important to never disclose personal or financial information over the phone, to verify the identity of the caller by calling back the official number of the organization they claim to represent, and to report any suspicious call to the relevant authorities.

How phishing detection ?

The Internet user must become an expert in phishing detection and typosquatting in the face of the ingenuity of cybercriminals.

According to the case law, the Internet user must carry out a “watchful examination of the correspondent’s changing internet addresses or certain clues, such as misspellings… which should provide clues “of a sufficient nature to appeal to the Internetuser.”

However, the criteria adopted by the case law since 2015 are already obsolete because of the quality of counterfeiting of websites in perpetual increase, but not only.

Indeed, the only test to detect a“changing address”has become complex for #cybervictimes. These ingenious cyber criminals find many solutions to deceive their vigilance, especially by the use of special characters in the domain name.

Jurisprudential obsolescence in the face of the evolution of phishing by Unicode

Cyber criminals use special characters similar to the Latin alphabet, theunicode E100. They have more than 26 characters at their disposal (Ḁ ḁ Ḃ ḃ Ḅ Ḇ ḇ Ḉ ḉ Ḋ ḋ ‘Ḏ ḏ Ḑ ḑ Ḓ ḓ Ḕ’, ‘Ḏ ḏ Ḑ ḑ Ḓ ḓ Ḕ’, ‘Ṟ’, ṟ, ‘, ‘ Ṯ’, ṯ, Ṱ, ṱ’. All they have to do is buy a domain name similar to the original, and replace one of the characters with a unicode character, as similar as possible, with for example a dot below the character.

For example, we will use the websites of telephone operators and banks, just by replacing the letter “r” with“O”it can give this “f-ee.fr”orby replacing “b” with “ḅ” “ḅouyguestelecom.fr” or “ḅanquepopulaire.fr”.

A perverse new game that would be imposed by the jurisprudence that involves the Cyber-Victim to detect the hidden difference in the URL (address).

Are cyber criminals responding to my request? Indeed I had suggested to them in order to help the #cybervictimes to change their modus operandi to help them in the face of jurisprudence. “Please don’t make any more spelling mistakes, and if it’s not grammatically correct, make sure that the simple review of the changing address is not obvious on the exam alone.”

With the fake URL and once the counterfeit site is identical to the original, the trap is activated to capture future #cybervictimes.

Smishing (SMS Phishing)

A cybercriminal sends you an SMS (i.e. a text message) asking you to click on a link. If you click on the link in the message, you will be redirected to a fake website asking you to provide your information in a phishing form.

The cybercriminal attempts to obtain your sensitive information through a text message (i.e. SMS). They will ask you to provide personal information such as a social security number, credit card or health insurance information. He claims that you must give this information or something bad will happen to you (e.g. your electricity is cut off, your credit card is blocked or your online account is terminated). To learn more about Smishing, click HERE.

Typosquatting another form of phishing

Almost identical to phishing, fake site, fake URL, with the big difference that the cybercriminal bets on the typos of #cybervictimes when the user informs the internet address. Examples include “fri.fr” without (ee) or “bouyguetelecom.fr” without (s) or “banque-populaire.fr” with the addition of a hyphen or “free.com” by changing the extension (.fr).

A new playground for cyber criminals, a fake address bar on Android phones that use the Chrome browser.

Google Chrome on Android smartphone only shows the title of the site visited rather than displaying the full address bar with the URL. A new feature for user comfort to make more room for content to be played. This allows the cybercriminal to pass a phishing page as a legitimate web page.

Spoofing over domain name extension makes many cyber victims, especially for domains in .com. The cybercriminal buys a .co domain name with a name identical to that of a known site, an example “www.amazon.co”. The cyber victim receives an email that appears to be from the original site. She is invited to log in via a link to the “www.amazon.co” mirror site. She’s not going to be careful that she’s not on the original site with a .co extension instead of .com. It is therefore with confidence that the cyber victim will enter personal information, especially his login ID and password.

How will the case law evolve to determine the threshold that will qualify the Cyber victim as “negligent”?

Natural protection against phishing and typosquatting

There is a barrier to phishing when the domain name extension is proprietary. This is the case, for example, of the extension of the BNP Paribas bank with its own extension “.bnpparibas” of the website “www.mabanque.bnpparibas”. In this case, it is a cost of around $185,000 and a binding procedure to obtain fromICANN its custom domain name extension that establishes a natural barrier against this type of attack. However, users of these sites still need to be informed of this distinction. Otherwise, the case law is unequivocal and will be imposed on cyber-victims. Indeed, it is difficult to explain that they did not see the different extension.

Learn more about custom extension

https://www.prodomaines.com/extension-personnalisee

Is the overall level of computing so linear among Internet users that they are all able to carry out such a review?

I doubt it very much.

In the same way, to think that only insiders are safe from phishing seems to me a very risky shortcut.

It is becoming more and more difficult for the Internet user to differentiate between the true and the false.

Shouldn’t case law or a revision of the law take into account the quality of the forger as for the currency, to exonerate the responsibility of the victim?

Instant transfer payment, a new eldorado of cybercriminals?!

What will cybercriminals imagine to create new victims following the new implementation initiated by the ECB with the instant transfer payment system, in less than 10 seconds, irrevocably, achievable with a simple telephone number?

How does it work? (Source the tribune)

It is a transfer in euros that is initiated from the website of his bank or his mobile banking application by choosing the instant mode. Simply enter the IBAN or, less tedious, its mobile phone number (converted to IBAN by the bank), or even scan a QR code to send the money. The account is credited in less than 10 seconds and payment confirmation is sent by SMS within 20 seconds. The transfer is irrevocable. The service is usable 24 hours a day, 365 days a year. A ceiling of 15,000 euros has been decided at European level (the Netherlands has abolished it).

I predict an increase in cybercrime on this new SEPA Express system, if the security system is not equal to or greater than that of bank cards!

Innovation goes further and further to allow the machine to gradually substitute for human physical consent since currents of thought believe that man is more failing than the machine.

To this day, we cannot assign a machine to court. In fact, no one is safe from being between the hammer and the anvil.

‘Ransomhack’: blackmail to non-compliance RGPD

Cyber criminals also use phishing to steal private data, known asransomhack. Taken hostage, this data is being blackmailed by using the new European regulations (RGPD) to put pressure on victims. The goal is to get the ransom faster. It is enough to threaten the victim to make public the data if the ransom is not paid, weighing the risk of strong criminal and civil penalties incurred in the event of non-reporting to the CNIL of the theft of data.

Once again the technique of hammer and anvil becomes a formidable weapon in the face of the fear of double punishment, victim and criminally and civilly litigant.

The phishing technique is no longer the preserve of cyber criminals: it may be more or less legal!

It is difficult to establish statistics, as victims do not file complaints. It is very likely that many of you will recognize yourself in this situation.

What for?

Despite the new provisions imposed by the RGDP, online sites selling goods and/or services have found a way to obtain their customers’ bank card information. However, there is no reason for the client to provide this type of information.

Only here, it takes on a legal appearance, to get this valuable information from bank cards. In principle, legally you have the right to request their removal.

Now that we’re done with the theory, let’s move on to practice

As we have seen before, giving the information of bank cards is under the full responsibility of the Internet user.

Similarly, it is common knowledge that cyber criminals regularly steal private data, including bank cards from the databases of merchant sites.

According to the principle of prudence established by the Court of Cassation, could it not be taken up against the victim? Could the Court not consider that there is no need to inform the Internet user that there is a risk that his credit card information will be derogating? That he is in fact the only one responsible for the information he transmits!

Why do online sales sites need this credit card information? What do they really do with it?

I believe that in terms of the RGPD, you would be entitled to ask the question.

There are many good reasons that will be invoked, but these are not for the customer but for the service provider, especially when the service provider has a recurring payment system in place.

This credit card information becomes valuable for the quality of the outstanding accountable or EENE. If you want to know more(https://comptabilite.ooreka.fr/astuce/voir/609429/effet-escompte-non-echu).

What to remember: The expected effect is passed on to another creditor or bank. The higher the quality of the debt, the less expensive the cost of the discount. Even if rates are low, it is a gain.

Another interest is the forgetting and withdrawal of small sums that often go under the radar of customers. Agreements are established that provide for automatic renewal and anniversary dates with a minimum period of time to report the contract.

New: drown the fish under the guise of updates to the terms and conditions of sale! The service contract for which you consented is unilaterally amended. The trick is the criterion of trust. You are made to accept new conditions that cancel the previous ones.

Let us go even further in the violation of the rules of law.

If you cannot be accepted for a new document, a principle of law that does not exist in contractual matters is used. Just as a contract cannot be changed unilaterally, either by adhesion or synallagmatically, without the consent of the co-contractor.

Silence is not worth acceptance!

However, many service companies send you emails informing you that if you do not respond within a certain period of time, the contract will be considered accepted. If you refuse, you lose the service for which the provider had committed. However, the commitment may also include back-doors such as the subject of an update of general terms of sale.

The hammer and anvil method is activated!

This is a form of blackmail that is illegal, done digitally but does not rank in cyber crimes.

What for?

A beginning of response trail, because they act overdrawn and they are legally registered in corporate registers but not cyber criminals in principle.

The deterrent force of a recourse by the Internet user!

They also have a master asset, the cost of a civil or criminal action procedure in relation to the small amounts involved. The cost of obtaining a court order, such as legal fees, legal fees, time spent and the uncertainty of obtaining redress, is enough to make any desire for prosecution give up.

Even if the civil and/or criminal dol can be qualified, no one will ever know that you are also the victim of phishing by deception of the co-contractor to obtain the information of bank cards or private data.

However, when you show the teeth against cybercriminals, they trade without resisting too much. It will also depend on who you are in the fuse position. Ane against measure of the Internet user. This will also depend on the caller in the fuse position.

The balance of power through blackmail can be balanced. The risk of bad publicity on social networks, the CNIL Pro or Private,can have morecostly consequences than the sums incurred. In the same way if the Internet user has insurance that pays for legal and procedural costs. In this hypothesis the blackmail is reversed by the Internet user. The latter is no longer between the hammer and the anvil.

In the end, the amicable arrangement is better than a long trial. As a result, the risk of bad publicity on social networkscan have more costly consequences than the sums incurred. In this case, this form of threat may allow the Internet user to no longer be between the hammer and the anvil.

What are the current trends of phishing?

Phishing is a constantly evolving phenomenon, which adapts to new technologies and new behaviors of internet users. According to the statistics provided by https://www.phishing.org/phishing-statistics/ or https://www.kaspersky.com/resource-center/threats/phishing-statistics-report, phishing increased significantly in 2020 and 2021, especially because of the Covid-19 pandemic that favored remote work and online shopping. Phishing accounts for about 80% of cyberattacks and affects both individuals and businesses.

Moreover, phishing diversifies and takes new forms, such as vishing, smishing or spear phishing. Vishing is a form of phishing that uses phone calls to trick victims. Smishing is a form of phishing that uses SMS or instant messages. Spear phishing is a form of phishing that targets specific individuals or organizations using personalized information. These new forms of phishing are harder to detect and prevent, as they exploit the trust and emotion of victims.

To conclude, phishing is a major risk for the security of internet users and organizations, which requires vigilance and prevention. By following the tips that I gave you in this article, you can protect yourself from phishing and reduce the chances of being a victim.

You want to know more about the deception of the co-contractor from a legal point of view.

https://www.superprof.fr/ressources/droit/droit-general/droit-des-obligations/faute-et-nullite-du-contrat.html

Having the freedom not to give credit card information outside of a single transaction and under the exclusive control and consent of the payer, should not be a right to defend. Freemindtronic technologies such as EviToken or EviCypher with web browser extensions protect bank card information and counter phishing attacks. It is above all a tool to exercise this right to no longer give his credit card information on the internet to be saved.

To learn more about our credit card protection solutions, you can read the following articles on Linkedin:

Why are Freemindtronic’s #NFC Offline electronic safes already in compliance with the decree that will come into effect on 01/01/19?

https://www.linkedin.com/pulse/pourquoi-les-coffres-forts-%C3%A9lectroniques-nfc-offline-de-gascuel/

A new cloud-free individual security service with anti-phishing to protect all types of bank cards from start to finish

https://www.linkedin.com/pulse/un-nouveau-service-de-s%C3%A9curit%C3%A9-individual-without-cloud-with-gascuel/

https://www.linkedin.com/pulse/victimes-dhame%C3%A7onnage-impunity%C3%A9-of-cybercriminals-jacques-gascuel/

2021, Articles, Cyberculture, Digital Security, EviPass, EviPass NFC HSM technology, EviPass Technology, Technical News

766 trillion years to find 20-character code like a randomly generated password

Posted on May 16, 2021February 20, 2024 by FMTAD

16
May

766 trillion years to find randomly generated 20-character code like randomly generated password

766 trillion years to find randomly generated 20-character code is the result of a simulator to find a 20-character generated by technology EviPass.

The age of the universe is estimated at only 14 billion years, this gives you an idea of comparison.

How did I find this result that you can control on your own?

We used the Password Strength Calculator developed by Bob Beeman [1] which was last updated on January 4, 2013.

This simulator is freely available on the www.bee-man.us website as well as the source code used.

Why We Chose Bob Beeman’s Simulator

In our quest to estimate the time it would take to crack a random 20-character code, we had several simulation tools at our disposal, including lastbit.com [2], password-checker.online-domain-tools.com [3], and ANSSI’s [4] simulator from ssi.gouv.fr. However, we ultimately opted for Mr. Bob BEEMAN’s simulator due to its transparent calculation method and its technical approach to brute force attacks.

Acknowledging Mr. Bob BEEMAN

Before delving into the details of our simulation, we must extend our gratitude to Mr. Bob BEEMAN for making his code freely accessible and copyable while upholding his copyrights, as explained on his website. We hope our research can contribute to his already impressive achievements, including a record-breaking 15-millisecond feat.

Reference to Ultra-Powerful Computers

To provide you with a comprehensive understanding of the state-of-the-art technology for brute force attacks in 2013, we examined Bob Beeman’s simulator’s reference to an ultra-powerful computer designed in 2012 specifically for password cracking.

Considering Computational Capacity

Bob Beeman’s simulator takes into account the computational capabilities of computers, including the 2012 design, for executing brute force attacks on passwords. It allows for adjustments in the “Values of Hacker: Axes/Second,” providing a valuable point of reference and comparison.

Staying with Default Parameters

For the sake of consistency, we maintained the default example provided by Bob Beeman, which assumed a rate of 60-109 (billion) attempts per second.

Radeon City: Revolutionizing Password Security

In this section, we’ll delve into the incredible story of Radeon City, a game-changing password-cracking cluster boasting 25 AMD Radeon graphics cards. Discover how it was built, what it can achieve, and why it’s reshaping the world of password security.

Building Radeon City

Jeremi Gosney, the visionary behind Radeon City and the CEO of Stricture Consulting Group, sought to create a powerhouse capable of cracking passwords with unprecedented speed and efficiency. His solution? Virtual OpenCL (VCL), a groundbreaking virtualization software.

Gosney assembled five servers, each armed with five AMD Radeon HD7970 graphics cards, interconnected through VCL. The cluster, aptly named Radeon City, was born at a cost of approximately $30,000 in 2012.

Unleashing Radeon City’s Power

Radeon City is a juggernaut, capable of generating an astounding 350 billion guesses per second when cracking NTLM cryptographic algorithm hashes. In just 5.5 hours, it can test every combination of eight-character passwords, including uppercase and lowercase letters, digits, and symbols.

But it doesn’t stop there. Radeon City can crack a range of cryptographic algorithms, from MD5 and SHA1 to SHA2 and even SHA3, at unprecedented speeds. It employs various attack types, including brute force, dictionary, rule-based, combinator, and hybrid attacks, using extensive wordlists and intricate rules.

Radeon City isn’t confined to offline attacks. It can also perform online attacks through distributed cracking, where passwords are guessed on live systems.

Why Radeon City is a Game-Changer

Radeon City marks a seismic shift in password security. It reveals the vulnerability of passwords protected by fast algorithms like NTLM and challenges the belief that longer, complex passwords equate to greater security. The key takeaway? Truly secure passwords are random strings absent from dictionaries.

Moreover, Radeon City advocates for slow and salted algorithms like Bcrypt, PBKDF2, or SHA512crypt, and underscores the importance of password management tools like EviPass.

Radeon City Specifications

Jeremi Gosney, a data security researcher, engineered a groundbreaking desktop rig that can swiftly dismantle older protocols. Leveraging the Open Computing Language (OpenCL) framework and Virtual OpenCL Open Cluster (VCL), Gosney deployed HashCat—a dedicated password-cracking program. The system comprises five quad-core servers, each housing 25 AMD Radeon GPUs, providing the immense computational power required for the task. These servers are interconnected with a 10 to 20 Gbps transfer rate facilitated by an Infiniband switch.

server filled with 25 AMD Radeon HD 7970 GPUs

Here’s a snapshot of Radeon City’s technical specifications:

Servers: 5
Graphics Cards: 25 AMD Radeon GPUs
Model: AMD Radeon HD7970
Memory: 3 GB GDDR5
Clock Speed: 925 MHz
Compute Units: 32
Stream Processors: 2048
Peak Performance: 3.79 TFLOPS
Virtualization Software: Virtual OpenCL (VCL)
Password-Cracking Software: ocl-Hashcat Plus
Cost: $30,000 (2012)

This powerhouse enables Radeon City to achieve unprecedented speeds in password cracking, making it a game-changer in the realm of data security.

Advantages and Disadvantages of Radeon City

Advantages:

Power: Radeon City cracks passwords using both fast and slow algorithms.
Flexibility: It executes a variety of attacks with extensive wordlists and complex rules.
Innovation: Using virtualization technology, it overcomes hardware limitations.

Disadvantages:

Cost: Building and operating Radeon City can be expensive, including high electricity costs.
Noise: It generates significant noise, requiring specialized cooling and soundproofing.
Ethical Considerations: While powerful, its capabilities raise ethical and legal questions about its potential misuse.

Simulation Parameters and Results

To calculate the estimated time required to find a 20-character code with 94 symbols, we used the formula:

a^b / (c * 2)

Where:

“a” represents the number of possible characters,
“b” denotes the number of characters in the password,
“c” indicates the number of hash calculations achievable per second.

By selecting 94 symbols, a password length of 20 characters, and a 50% probability of success compared to the theoretical result, our simulation yielded an astonishing result: 766.076,000,000,000,000 years or 766 trillion [5] years.

Understanding the Financial Implications

This simulation approach not only provides insights into the time required but also sheds light on the financial investments necessary to establish a computer system capable of cracking such a password.

Consider this: The reference computer, as configured by Gosney, relies on a pool of 25 virtual AMD GPUs to crack even robust passwords. Yet, a single unit of this type, priced at approximately $30,000 in 2012, can generate just 348 billion hashes of NTLM passwords per second. To achieve results within the realm of 766 trillion years, one would need to acquire multiple such machines.

Hence, to decipher only a 20-character password generated with EviPass technology, residing within an EviTag NFC HSM or EviCard NFC HSM device, an investment of nearly $25 billion would be required. A remarkable comparison, given that global military expenses were estimated at 1.7 billion dollars [6].

Beyond Brute Force

It’s important to note that this test focused solely on brute force attacks without taking into account the activation and utilization of additional countermeasures, such as physical blockchain and jamming, which will be explored in future articles.

A Point of Reference: ANSSI’s Simulator

To provide further context, we examined the ANSSI website [7], whose simulator is limited to 20 characters and 90 symbols. This simulator yielded a score of 130, the maximum attainable. This score places passwords of this nature on par with the smallest key size of the standard AES (128-bit) encryption algorithm. Notably, our password generators exceed this maximum, boasting 20 characters with 94 symbols [8].

Forming Your Own Opinion

The aim of this article is to empower you to form your own assessment of the resilience of our password generators against brute force attacks. While we are not the sole providers of powerful password generators, our test stands as a benchmark against other comparable implementations.

Ensuring Ongoing Security

Our embedded password generator undergoes regular updates to maintain its complexity and withstand the evolving landscape of brute force attacks. Our commitment is to enhance security without compromising user convenience—a complex yet vital undertaking.

Diverse Password Generation Options

Our password creation options offer versatility. Users can either select passwords from the pool of 95 available characters, opt for a semi-automatic generation followed by modification, or automate the process entirely according to default criteria, allowing passwords of up to 20 characters.

Adaptability to Website Constraints

For websites that impose restrictions on symbols or character limits, users can customize their password generation preferences, choosing between identifiers, letters, and/or numbers, with or without symbols.

Hexadecimal Generator for Added Utility

We’ve also introduced a hexadecimal generator to facilitate programming of digital codes. This feature proves invaluable in various domains, including electronics, electromechanics, and maintenance services, enabling the creation and modification of digital access codes with ease. Furthermore, codes can be securely shared with building residents through functions like “scrambling” or encryption via a QR Code, all made possible by EviCore technologies from Freemindtronic.

To learn more about our solutions, please visit:

[1] https://www.bee-man.us/computer/password_strength.html
[2] http://lastbit.com/pswcalc.asp
[3] http://password-checker.online-domain-tools.com
[4] https://www.ssi.gouv.fr/administration/precautions-elementaires/calculer-la-force-dun-mot-de-passe
[5] https://www.btb.termiumplus.gc.ca/tpv2guides/guides/clefsfp/index-fra.html?lang=fra&lettr=indx_catlog_m&page=9-nI6-pQZOTM.html
[6] https://www.lesechos.fr/24/04/2017/lesechos.fr/0212007699237_les-depenses-militaires-atteignent-2-2–du-pib-mondial.htm
[7] https://www.ssi.gouv.fr/administration/precautions-elementaires/calculer-la-force-dun-mot-de-passe/
[8] EviPass uses all the symbols of the printable ASCII table, i.e., 95 symbols. The NFC EviPass device can store contactless up to 51 randomly generated characters with the Freemindtronic app.
[9] https://fr.wikipedia.org/wiki/American_Standard_Code_for_Information_Interchange

2018, Articles, Cyberculture, Legal information, News

Why does the Freemindtronic hardware wallet comply with the law?

Posted on June 13, 2018February 28, 2024 by FMTAD

13
Jun

Freemindtronic hardwares wallet is having regard to Decree No. 2018-418 of 30 May 2018 resulting from Law No. 2016-1321 of 7 October 2016 for a Digital French Republic, relating to the modalities of implementation of the digital safe service. Unless we are mistaken, it appears that the innovative patented solutions of 100% electronic safes for offline use have not yet been regulated.

The electronic safe solutions that may be affected by the decree are non-exhaustively, EviCypher, EviTag, EviCard, EviKey, EviDisk, FullKey NFC, EviKey & EviDisk

art. R. 55-1 – The decree provides a framework for the operation of digital safes. Thus, the provider of digital safes is required to inform the user in a clear, fair and transparent way about its service, prior to the conclusion of a contract. In particular, he must communicate

The type of space made available to it and the associated conditions of use;
The technical mechanisms used;
The Privacy Policy;
The existence and implementation of the guarantees of proper functioning.

Since Freemindtronic SL clearly tells users:

the pre-defined space available before the acquisition of the devices, as well as the possibility of checking for themselves the amount of memory used,
the terms of use are available invideos, at any time on the internet, via YouTube as well as through various publications written on the website,
that no material and/or digital information is collected in any way whatsoever, which consequently generates the total anonymity of the user,
the complete technical data sheets of the devices are available on the Freemindtronic SL website.
the implementation of the guarantee is published on the website. A large part of Freemindtronic SL solutions are guaranteed lifetime devices.

art. R. 55-3 – The said decree specifies that the integrity, availability and accuracy of the origin of the data and documents stored in the digital safe are guaranteed by appropriate security measures and in accordance with the state of the art.

Since Freemindtronic SL can guarantee users:

Data integrity, which is guaranteed by the manufacturer of STMicroelectronics components for at least 1 million error-free write cycles, and 40 years of data retention in non-volatile memory.

Their availability since Freemindtronic SL devices work without maintenance, without battery, by recovering electrical energy via the NFC signal of a smartphone. Thus, such a device allows users to access at any time, for at least 40 years, the data contained in the vault.

The accuracy of the origin of the data: it is the user himself who stores the data in the electronic memory of The Vaults of Freemindtronic SL

Memory access is physically locked by multiple hardware devices, such as a unique peering key with at least one user-defined administrator password. These security measures implemented imply the material and/or digital impossibility of corrupting the backed up data. It will also be impossible for the manufacturer to be able to access the automatically encrypted contents of said memory of the device. It is specified that the user has additional functions that allow him to harden himself the level of security according to the use of Freemindtronic’s electronic safes.

art. R. 55-4 The said decree specifies that the traceability of the operations carried out on the data and documents stored in the digital safe require at least the implementation of the following measures:

The recording and timestamp of accesses and access attempts;
Recording operations affecting the content or organization of the user’s data and documents;
Recording maintenance operations affecting data and documents stored in digital vaults.
The retention periods of this traceability data constitute a mandatory mention of the contract for the provision of electronic safe services.

Since Freemindtronic’s electronic safes,

have a tamper-proof and non-modifiable black box. That this black box traces in particular the number of attempts to enter the administrator password and that this information is automatically saved in the black box.
manage the recording of data dynamically, machine to machine (M2M) between the NFC terminal and the NFC device. That the backup system is carried out in real time with the physical electronic memory of the device, on the volatile memory of the terminal, without preservation of this data.
have non-volatile memories, capable of retaining the data backed up by the user for at least 40 years, without the need for an electrical power source.
has certified documents from the manufacturer of the electronic components used by Freemindtronic SL in these devices which establish without a doubt that the average time between failures is estimated after a 1 million cycles of writes per memory block, no maintenance operation is necessary.

art. R. 55-5.- The said decree indicates that the identification of the user when accessing the digital safe service must be ensured by an electronic means of identification adapted to the security issues of the service.

Since Freemindtronic’s solutions have several identification parameters that can be predetermined by the user himself, namely: administrator password, user password, pairing of NFC terminals, enslavement to a geolocation point, encryption key, physical blockchain segments, password encryption keys, and a code for displaying and sharing data called jamming.

art. R. 55-6. The said decree, according to the guarantee, as provided for in 4 ° of Article L. 103, of the exclusivity of access to the documents and data of the user or to the data associated with the operation of the service requires at least the implementation of the following measures:

“1° An access control mechanism limiting the opening of the digital safe to only persons authorized by the user;

“2° Security measures to guarantee the confidentiality of stored documents and data as well as the corresponding metadata;

“(3) Encryption by the digital safe service of all documents and data stored by or transferred to or from the digital safe. This encryption must be carried out using cryptographic mechanisms in accordance with the state of the art and allow an evolution of the size of the keys and algorithms used.

Since Freemindtronic SL,

has implemented several security systems to protect the opening of the electronic safe: physical, digital and human identification. The first check requires to know the physical pairing key of the device to authorize the connection with a computer terminal with NFC technology. The second control requires the user to know the administrator code that he himself has previously saved in the device to access the services. Other security systems can be added, forming a symmetric and/or asymmetric encryption key that, segmented into a physical blockchain in physical memory, makes access to encrypted data saved in physical memory totally inaccessible.
has implemented a multi-factor authentication method to simultaneously identify the terminal authorized to use the device and the user. This makes it possible to guarantee exclusive access to the backed-up data to the user and/or his/her rights holders.
has implemented a backup process by which all attached data and metadata are encrypted in the unconnected device that guarantees the confidentiality of the data stored in the electronic safe.
uses dynamically scalable encryption key sizes and uses qualified standardized standards, such as AES256-bit and/or RSA4096-bit keys. Said keys can themselves be encrypted in AES256 bits and segmented in a physical blockchain, in one or more separate devices. Such an implementation makes it impossible, at the known state of the art, to access the said keys or the possibility of guessing them via a brute force attack.

Decision of the Jaroch Technology Committee meeting on 12 June 2018,

Having regard to Decree No. 2018-418 of 30 May 2018 which will enter into force on 1 January 2019;

Where as Freemindtronic SL clearly indicates to users the conditions of use, the technical mechanisms used and the implementation of the guarantees associated with its electronic safe solutions;

Whereas appropriate security measures are implemented to guarantee the integrity, availability and accuracy of the origin of the data stored in the electronic safe;

Whereas the traceability of the operations carried out on the data stored in the electronic safe is effective;

During the Occitanie CyberMatines on LMI TV @lemondeinformatique april 22, 2020, Fullsecure conducted offline protection and physical use demonstrations of sensitive data such as passwords and encryption keys. The backup media in credit card or Tag formats operate without contact with a phone serving as an NFC terminal.

This demo shows an electronic self-connection system to a computer, a motherboard Bios, a Windows session and a VPN with the devices from Freemindtronic hardwares wallet & contactless virtual keyboard

Retrocompatible solutions for offline encryption of any type of data on computer and phone

Another demo shows how to encrypt any data on computer and smartphone, an operation compatible with all computer systems and messaging services, including SMS.

We are talking about compatible retro solutions that offer the advantage of securing the use of any type of computer hardware, computer, smartphone, software, application while maintaining maximum security of the use of sensitive data, whether personal or professional.

Finally, Fullsecure gives a tip to make a desktop “smart”: Secure the sensitive data of any computer discreetly, discreetly, thanks to its mini devices hardened in Pin’s format.

In addition, data sharing is contactless, reducing the risk of contagion during this period of pandemic due to Covid19. Indeed, it is enough to approach your smartphone to the Fullsecure device to manage and use the data contained in pin’s.

Fullsecure offers a wide range of products to meet data security needs in mobility and/or in the workplace.

Why use multi-factor authentication?

Everything you need to know about multi-factor authentication and its variants

Why use multi-factor authentication?

How to evaluate the level of resistance to cyberattacks?

What are the differences between MFA, 2FA, 2SV, SFA, SSO, OTP and Passwordless MFA?

Multi-Factor Authentication (MFA)

Two-Factor Authentication (2FA)

Two-Step Verification (2SV)

Single-Factor Authentication (SFA)

Single Sign-On (SSO) and Multi-Factor Authentication (MFA)

Passwordless Multi-Factor Authentication (Passwordless MFA)

One-Time Passwords (OTP)

Time-based One-Time Password (TOTP)

HMAC-based One-Time Password (HOTP)

Statistics on MFA, 2FA, 2SV, SFA, OTP (TOTP and HOTP), Passwordless MFA and SSO

Discover PassCypher NFC HSM: an innovative solution for contactless multi-factor authentication

The benefits of PassCypher NFC HSM

The features of PassCypher NFC HSM

Conclusion

Comparison of popular authentication methods

PassCypher NFC HSM offers several benefits over traditional multi-factor authentication solutions, such as SMS or email

PassCypher NFC HSM also offers several features that facilitate the management and use of passwords, such as:

Why some EU countries don’t want the unitary patent

Why some EU countries are not on board

What is the unitary patent?

What is the current status of the unitary patent?

The UPC Agreement

The main obstacle and challenges

What are the advantages?

How does the unitary patent compare with other patent systems?

The European Patent Convention (EPC)

The Patent Cooperation Treaty (PCT)

The Eurasian Patent Convention (EAPC)

How Freemindtronic’s international patents are related to the unitary patent

Our patent options

Our patent strategy

Conclusion

How can legal issues of the unitary patent for non-participating countries be resolved?

What are the disadvantages?

What are the best practices or strategies for using or avoiding the unitary patent?

The scope of protection

The cost of protection

The risk of invalidation

The enforcement of rights

Why do some EU countries not want to join the unitary patent

What are the consequences of these countries’ exclusion from the unitary patent?

What are the legal issues of the unitary patent for non-participating countries?

Conclusion

Summary

Efficient NRE Cost Optimization for Electronics

How to Calculate NRE Cost for Electronic Products with PCB?

3 levers

Three Main Levers to Reduce NRE Cost for Electronic Products with PCB

How to Use the TRL Scale to Optimize NRE Cost for Electronic Products with PCB?

What are the Benefits of Using the TRL Scale for Freemindtronic?

Conclusion and Contact Information

How to Spot and Avoid Phishing Attacks on Meta

Protecting Your Meta Account from Identity Theft

Creating Strong and Unique Passwords to Safeguard Your Meta Account

Enhancing Meta Account Security with Two-Factor Authentication (2FA)

Table: Comparison of Different 2FA Methods on Meta

The Ultimate Solution – EviPass and EviOTP for Meta Account Protection

Being Vigilant Against Phishing Attacks to Secure Your Meta Account

Regularly Updating Security Information for Meta Account Protection

Implementing EviOTP for Enhanced Meta Account Security against Identity Theft

EviOTP – The Ultimate 2FA Solution

To enable two-factor authentication with Contactless OTP Manager, you must follow these steps:

Beware of phishing attacks

Update your security information regularly

Real Testimonials of Meta Account Identity Theft and Steps to Protect Yourself

Conclusion: Safeguard Your Meta Account from Identity Theft

Protect your digital identity and take the necessary steps to secure your Meta account now. Don’t let hackers steal your online identity. Be proactive in your approach to security and make protecting your account a top priority.

About Freemindtronic

How to Protect Your Passwords from Quantum Computers Introduction

How to create strong passwords in the era of quantum computing?

What is quantum computing and how does it work in video?

What is a strong password?

Why is a strong password important?

But what about quantum computers?

How to choose a strong password?